← Back to VMware vRealize Automation 7.x SLES Security Technical Implementation Guide

V-240538

CAT II (Medium)

SLES for vRealize audit logs must be rotated daily.

Rule ID

SV-240538r671355_rule

STIG

VMware vRealize Automation 7.x SLES Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000172

Discussion

Rotate audit logs daily to preserve audit file system space and to conform to the DISA requirement. If it is not rotated daily and moved to another location, then there is more of a chance for the compromise of audit data by malicious users.

Check Content

Check for a "logrotate" entry that rotates audit logs.

# ls -l /etc/logrotate.d/audit

If it exists, check for the presence of the "daily" rotate flag:

# egrep "daily" /etc/logrotate.d/audit

The command should produce a "daily" entry in the logrotate file for the audit daemon.

If the "daily" entry is missing, this is a finding.

Fix Text

Create or edit the /etc/logrotate.d/audit file and add the "daily" entry, such as:

/var/log/audit/audit.log {
compress
dateext
rotate 15
daily
missingok
notifempty
create 600 root root
sharedscripts
postrotate
/sbin/service auditd restart 2> /dev/null > /dev/null || true
endscript
}