CCI|CCI-001851

Title

The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Reference Item Details

Reference: CCI - DISA Control Correlation Identifier

Category: 2013

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
3.200 - The system must be configured to use the au-remote plugin.	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - direction	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - path	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.201 - The system must configure the au-remote plugin to off-load audit logs using the audisp-remote daemon - type	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.0210 - The system must take appropriate action when the audisp-remote buffer is full.	Unix	Tenable Fedora Linux Best Practices v2.0.0
3.0211 - The system must label all off-loaded audit logs before sending them to the central log server.	Unix	Tenable Fedora Linux Best Practices v2.0.0
4.1.2.3 Ensure audit system is set to single when the disk is full.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.6 Ensure audit system action is defined for sending errors	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.8 Ensure audit logs are stored on a different system.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.9 Ensure audit logs on separate system are encrypted.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - direction	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - path	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.11 Ensure off-load of audit logs - type	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.12 Ensure action is taken when audisp-remote buffer is full	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
4.1.2.13 Ensure off-loaded audit logs are labeled.	Unix	CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full	Unix	DISA STIG AIX 7.x v2r8
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backuppath	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - backupsize	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin1	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bin2	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - bincompact	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - binsize	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - cmds	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace	Unix	DISA STIG AIX 7.x v2r1
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace	Unix	DISA STIG AIX 7.x v2r3
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - freespace	Unix	DISA STIG AIX 7.x v2r6
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - trail	Unix	DISA STIG AIX 7.x v2r5
AIX7-00-002017 - AIX must be configured so that the audit system takes appropriate action when the audit storage volume is full - trail	Unix	DISA STIG AIX 7.x v2r6

Detections

Analytics

CCI|CCI-001851

Title

Reference Item Details

Audit Items