CSCv6|6.3

Title

Ensure that all systems that store logs have adequate storage space for the logs generated on a regular basis.

Description

Ensure that all systems that store logs have adequate storage space for the logs generated on a regular basis, so that log files will not fill up between log rotation intervals. The logs must be archived and digitally signed on a periodic basis.

Reference Item Details

Category: Maintenance, Monitoring, and Analysis of Audit Logs

Family: System

Audit Items

Name | Plugin | Audit Name
1.1.3.9.4 Set 'MSS: (WarningLevel) Percentage threshold for the security event log at which the system will generate a warning' to '<= 0.9' | Windows | CIS Windows 8 L1 v1.0.0
1.1.5.1.2 Set 'Windows Firewall: Domain: Logging: Size limit (KB)' to '16384 KB or greater' | Windows | CIS Windows 8 L1 v1.0.0
1.1.5.1.3 Set 'Windows Firewall: Domain: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\domainfw.log' | Windows | CIS Windows 8 L1 v1.0.0
1.1.5.1.4 Set 'Windows Firewall: Private: Logging: Size limit (KB)' to '16384 KB or greater' | Windows | CIS Windows 8 L1 v1.0.0
1.1.5.2.8 Set 'Windows Firewall: Private: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\privatefw.log' | Windows | CIS Windows 8 L1 v1.0.0
1.1.5.3.7 Set 'Windows Firewall: Public: Logging: Name' to '%SYSTEMROOT%\System32\logfiles\firewall\publicfw.log' | Windows | CIS Windows 8 L1 v1.0.0
1.1.5.3.9 Set 'Windows Firewall: Public: Logging: Size limit (KB)' to '16384 KB or greater' | Windows | CIS Windows 8 L1 v1.0.0
1.1.7 Create Separate Partition for /var/log | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.8 Create Separate Partition for /var/log/audit | Unix | CIS Red Hat Enterprise Linux 5 L1 v2.2.1
1.1.10 Ensure separate partition exists for /var | Unix | CIS Ubuntu Linux 16.04 LTS Workstation L2 v2.0.0
1.1.10 Ensure separate partition exists for /var | Unix | CIS Ubuntu Linux 16.04 LTS Server L2 v2.0.0
1.1.10 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.1.10 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.10 Ensure separate partition exists for /var/log | Unix | CIS Debian 8 Server L2 v2.0.2
1.1.10 Ensure separate partition exists for /var/log | Unix | CIS Debian 8 Workstation L2 v2.0.2
1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Amazon Linux v2.1.0 L2
1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Distribution Independent Linux Server L2 v2.0.0
1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
1.1.11 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
1.1.11 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 14.04 LTS Server L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 14.04 LTS Workstation L2 v2.1.0
1.1.11 Ensure separate partition exists for /var/log/audit | Unix | CIS Debian 8 Server L2 v2.0.2
1.1.11 Ensure separate partition exists for /var/log/audit | Unix | CIS Debian 8 Workstation L2 v2.0.2
1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Distribution Independent Linux Server L2 v2.0.0
1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Amazon Linux v2.1.0 L2
1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Distribution Independent Linux Workstation L2 v2.0.0
1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Server v1.0.0
1.1.12 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 18.04 LXD Host L2 Workstation v1.0.0
1.1.15 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
1.1.15 Ensure separate partition exists for /var/log | Unix | CIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
1.1.15 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.16 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 18.04 LTS Server L2 v2.1.0
1.1.16 Ensure separate partition exists for /var/log/audit | Unix | CIS Ubuntu Linux 18.04 LTS Workstation L2 v2.1.0
1.1.16 Ensure separate partition exists for /var/log/audit | Unix | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
1.1.16 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.16 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.16 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.17 Ensure that the --audit-log-maxage argument is set to 30 or as appropriate | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.17 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.17 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.17 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Unix | CIS Kubernetes 1.8 Benchmark v1.2.0 L1
1.1.18 Ensure that the --audit-log-maxbackup argument is set to 10 or as appropriate | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.1.18 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Unix | CIS Kubernetes 1.11 Benchmark v1.3.0 L1
1.1.18 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Unix | CIS Kubernetes 1.13 Benchmark v1.4.1 L1
1.1.19 Ensure that the --audit-log-maxsize argument is set to 100 or as appropriate | Unix | CIS Kubernetes 1.7.0 Benchmark v1.1.0 L1
1.2.4.4.2 Set 'Security: Maximum Log Size (KB)' to 'Enabled:20480 or greater' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.4.3 Set 'System: Control Event Log behavior when the log file reaches its maximum size' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.4.4 Set 'Security: Control Event Log behavior when the log file reaches its maximum size' to 'Disabled' | Windows | CIS Windows 8 L1 v1.0.0
1.2.4.4.5 Set 'Application: Maximum Log Size (KB)' to 'Enabled:20480 or greater' | Windows | CIS Windows 8 L1 v1.0.0