The Photon operating system must configure auditd to log space limit problems to syslog.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-256529 | PHTN-30-000057 | SV-256529r887261_rule | Medium |
| Description |
|---|
| If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion. |
| STIG | Date |
|---|---|
| VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide | 2023-12-01 |
Details
| Check Text ( C-60204r887259_chk ) |
|---|
| At the command line, run the following command: # grep "^space_left " /etc/audit/auditd.conf Expected result: space_left = 75 If the output does not match the expected result, this is a finding. |
| Fix Text (F-60147r887260_fix) |
|---|
| Navigate to and open: /etc/audit/auditd.conf Ensure the "space_left" line is uncommented and set to the following: space_left = 75 At the command line, run the following commands: # killproc auditd -TERM # systemctl start auditd |