STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Red Hat Enterprise Linux 10 Security Technical Implementation Guide

V-280936

CAT III (Low)

RHEL 10 must use a separate file system for the system audit data path.

Rule ID

SV-280936r1184726_rule

STIG

Red Hat Enterprise Linux 10 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001849

Discussion

Placing "/var/log/audit" in its own partition enables better separation between audit files and other system files and helps ensure that auditing cannot be halted due to the partition running out of space.

Check Content

Verify RHEL 10 uses a separate file system/partition for the system audit data path with the following command:

Note: /var/log/audit is used as the example as it is a common location.

$ mount | grep /var/log/audit
/dev/mapper/rootvg-varlogaudit on /var/log/audit type xfs (rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota)
Note: Options displayed for mount may differ.

If no line is returned, this is a finding.

Fix Text

Configure RHEL 10 to use a separate file system for the system audit data path by migrating "/var/log/audit" onto a separate file system.