4.1.1.1 Ensure audit log storage size is configured

Information

Configure the maximum size of the audit log file. Once the log reaches the maximum size, it will be rotated and a new log file will be started.
Rationale:
It is important that an appropriate size is determined for log files so that they do not impact the system and audit data is not lost.

Solution

Set the following parameter in /etc/audit/auditd.conf in accordance with site policy:
max_log_file = <MB>
Notes:
The max_log_file parameter is measured in megabytes.

See Also

https://workbench.cisecurity.org/files/2242

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4, CSCv6|6.3, CSCv7|6.4

Plugin: Unix

Control ID: 8142a6478afb7e2ed7e2fb4648b9ba4c25040fbb858ead0a12ff0a80b7ecbc64