UCF STIG Viewer Logo

The audit system must identify staff members to receive notifications of audit log storage volume capacity issues.


Finding ID Version Rule ID IA Controls Severity
V-218057 RHEL-06-000313 SV-218057r505923_rule Medium
Email sent to the root account is typically aliased to the administrators of the system, who can take appropriate action.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide 2020-09-03


Check Text ( C-19538r377186_chk )
Inspect "/etc/audit/auditd.conf" and locate the following line to determine if the system is configured to send email to an account when it needs to notify an administrator:

action_mail_acct = root

If auditd is not configured to send emails per identified actions, this is a finding.
Fix Text (F-19536r377187_fix)
The "auditd" service can be configured to send email to a designated account in certain situations. Add or correct the following line in "/etc/audit/auditd.conf" to ensure that administrators are notified via email for those situations:

action_mail_acct = root