TOSS 5 must write audit records to disk.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-282752 | TOSS-05-000405 | SV-282752r1201236_rule | CCI-000366 | medium |
| Description | ||||
| Audit data should be synchronously written to disk to ensure log integrity. This setting ensures all audit event data is written to disk. | ||||
| STIG | Date | |||
| Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide | 2026-04-01 | |||
Details
Check Text (C-282752r1201236_chk)
If the system is configured to immediately offload audit records to an external system, this requirement is not applicable.
Verify the audit system is configured to write logs to the disk using the following command:
$ sudo grep write_logs /etc/audit/auditd.conf
write_logs = yes
If "write_logs" does not have a value of "yes", the line is commented out, or the line is missing, this is a finding.
Fix Text (F-87218r1201235_fix)
Configure the audit system to write log files to the disk.
Edit the "/etc/audit/auditd.conf" file and add or update the "write_logs" option to "yes":
write_logs = yes
Restart the audit daemon for changes to take effect.