CSCv6|6.3

Title

Ensure that all systems that store logs have adequate storage space for the logs generated on a regular basis.

Description

Ensure that all systems that store logs have adequate storage space for the logs generated on a regular basis, so that log files will not fill up between log rotation intervals. The logs must be archived and digitally signed on a periodic basis.

Reference Item Details

Category: Maintenance, Monitoring, and Analysis of Audit Logs

Family: System

Audit Items

| Name | Plugin | Audit Name |
|---|---|---|
| 1.1.3.9.4 Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '<= 0.9' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.5.1.2 Set 'Windows Firewall: Domain: Logging: Size limit (KB)' to '16384 KB or greater' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.5.1.3 Set 'Windows Firewall: Domain: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\domainfw.log' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.5.1.4 Set 'Windows Firewall: Private: Logging: Size limit (KB)' to '16384 KB or greater' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.5.2.8 Set 'Windows Firewall: Private: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\privatefw.log' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.5.3.7 Set 'Windows Firewall: Public: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\publicfw.log' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.5.3.9 Set 'Windows Firewall: Public: Logging: Size limit (KB)' to '16384 KB or greater' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.1.7 Create Separate Partition for /var/log | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 |
| 1.1.8 Create Separate Partition for /var/log/audit | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1 |
| 1.1.10 Ensure separate partition exists for /var | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0 |
| 1.1.10 Ensure separate partition exists for /var | Unix | CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0 |
| 1.1.10 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 |
| 1.1.10 Ensure separate partition exists for /var/log | Unix | CIS Debian 8 Server L2 v2.0.2 |
| 1.1.10 Ensure separate partition exists for /var/log | Unix | CIS Debian 8 Workstation L2 v2.0.2 |
| 1.1.10 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 |
| 1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Distribution Independent Linux Server L2 v2.0.0 |
| 1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Amazon Linux v2.1.0 L2 |
| 1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0 |
| 1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0 |
| 1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 |
| 1.1.11 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0 |
| 1.1.11 Ensure separate partition exists for /var/log/audit | Unix | CIS Debian 8 Server L2 v2.0.2 |
| 1.1.11 Ensure separate partition exists for /var/log/audit | Unix | CIS Debian 8 Workstation L2 v2.0.2 |
| 1.1.11 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0 |
| 1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Amazon Linux v2.1.0 L2 |
| 1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0 |
| 1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0 |
| 1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0 |
| 1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Distribution Independent Linux Server L2 v2.0.0 |
| 1.1.15 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.16 Ensure separate partition exists for /var/log/audit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG |
| 1.1.16 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.16 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.16 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.17 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.17 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.17 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.17 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1 |
| 1.1.18 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.1.18 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1 |
| 1.1.18 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1 |
| 1.1.19 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1 |
| 1.2.4.4.2 Set 'Security: Maximum Log Size (KB)' to 'Enabled:20480 or greater' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.4.3 Set 'System: Control Event Log behavior when the log file reaches its maximum size' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.4.4 Set 'Security: Control Event Log behavior when the log file reaches its maximum size' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.4.5 Set 'Application: Maximum Log Size (KB)' to 'Enabled:20480 or greater' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.2.4.4.6 Set 'System: Maximum Log Size (KB)' to 'Enabled:20480 or greater' | Windows | CIS Windows 8 L1 v1.0.0 |
| 1.4.3 Ensure authentication required for single user mode | Unix | CIS Ubuntu Linux 14.04 LTS Server L1 v2.1.0 |
| 1.4.3 Ensure authentication required for single user mode | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L1 v2.1.0 |
| 18.4.13 (L1) Ensure 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' is set to 'Enabled: 90% or less' | Windows | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker |