STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

V-282430

CAT II (Medium)

TOSS 5 must periodically flush audit records to disk to prevent the loss of audit records.

Rule ID

SV-282430r1200270_rule

STIG

Tri-Lab Operating System Stack (TOSS) 5 Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-000154

Discussion

If option "freq" is not set to a value that requires audit records being written to disk after a threshold number is reached, then audit records may be lost.

Check Content

Verify the audit system is configured to flush to disk after every 100 records using the following command:

$ sudo grep freq /etc/audit/auditd.conf 

freq = 100 

If "freq" isn't set to a value between "1" and "100", the value is missing, or the line is commented out, this is a finding.

Fix Text

Configure TOSS 5 to flush audit to disk by adding or updating the following rule in "/etc/audit/auditd.conf":

freq = 100

Restart the audit daemon for the changes to take effect.