STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Oracle Linux 9 Security Technical Implementation Guide

V-271602

CAT II (Medium)

OL 9 must write audit records to disk.

Rule ID

SV-271602r1092590_rule

STIG

Oracle Linux 9 Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-000366

Discussion

Audit data should be synchronously written to disk to ensure log integrity. This setting ensures that all audit event data is written disk.

Check Content

Verify that OL 9 audit system is configured to write logs to the disk with the following command:

$ sudo grep write_logs /etc/audit/auditd.conf 
write_logs = yes 

If "write_logs" does not have a value of "yes", the line is commented out, or the line is missing, this is a finding.

Fix Text

Configure the audit system to write log files to the disk.

Edit the /etc/audit/auditd.conf file and add or update the "write_logs" option to "yes":

write_logs = yes 

The audit daemon must be restarted for changes to take effect.

Restart auditd:
$ sudo service auditd restart