SLES-15-030660 - The SUSE operating system must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility.

Information

To ensure SUSE operating systems have a sufficient storage capacity in which to write the audit logs, SUSE operating systems need to be able to allocate audit record storage capacity.

The task of allocating audit record storage capacity is usually performed during initial installation of the SUSE operating system.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Allocate enough storage capacity for at least one week of SUSE operating system audit records when audit records are not immediately sent to a central audit record storage facility.

If audit records are stored on a partition made specifically for audit records, use the 'YaST2 - Partitioner' program (installation and configuration tool for Linux) to resize the partition with sufficient space to contain one week of audit records.

If audit records are not stored on a partition made specifically for audit records, a new partition with sufficient amount of space will need be to be created. The new partition can be created using the 'YaST2 - Partitioner' program on the system.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SLES_15_V1R12_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001849, Rule-ID|SV-234965r877391_rule, STIG-ID|SLES-15-030660, Vuln-ID|V-234965

Plugin: Unix

Control ID: 963909e17b05befb679dd102bdccd3f584bb49fccd26ae4fc010ecbbe94265b2