PHTN-67-000060 - The Photon operating system must configure auditd to log space limit problems to syslog.

Information

If security personnel are not notified immediately when storage volume reaches 75% utilization, they are unable to plan for audit record storage capacity expansion.

Solution

Open /etc/audit/auditd.conf with a text editor.

Ensure that the 'space_left' line is uncommented and set to the following:

space_left = 75

At the command line, execute the following command:

# service auditd reload

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(1), CAT|II, CCI|CCI-001855, Rule-ID|SV-239131r877389_rule, STIG-ID|PHTN-67-000060, Vuln-ID|V-239131

Plugin: Unix

Control ID: 681d2dcf307dbabb95fb6e87bf214b3d67580e83c4c9810e6a6f3bf03aea5fcb