[PATCH 2/6] Mapped CCI-000140 to configure_auditd_admin_space_left_action in auditing.xml

Willy Santos Thu, 14 Jun 2012 14:03:05 -0700

CCI-000140 requires the OS to take organization-defined actions upon audit 
failure. In the case of "out-of-disk-space" failure 
configure_auditd_admin_space_left_action meets this requirement.


Signed-off-by: Willy Santos <[email protected]>
---
 rhel6/src/input/system/auditing.xml |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/rhel6/src/input/system/auditing.xml 
b/rhel6/src/input/system/auditing.xml
index 62e0f24..d904650 100644
--- a/rhel6/src/input/system/auditing.xml
+++ b/rhel6/src/input/system/auditing.xml
@@ -295,6 +295,7 @@ audit records.  If a separate partition or logical volume 
of adequate size
 is used, running low on space for audit records should never occur.
 </rationale>
 <oval id="auditd_data_retention_admin_space_left_action" 
value="var_auditd_admin_space_left_action" />
+<ref disa="140" />
 </Rule>
 
 
-- 
1.7.7.6

_______________________________________________
scap-security-guide mailing list
[email protected]
https://fedorahosted.org/mailman/listinfo/scap-security-guide

[PATCH 2/6] Mapped CCI-000140 to configure_auditd_admin_space_left_action in auditing.xml

Reply via email to