The system must use a separate file system for the system audit data path..

From HP-UX 11.23 Security Technical Implementation Guide

Part of GEN003623

Associated with IA controls: ECSC-1

Associated with: CCI-001208

SV-35054r1_rule The system must use a separate file system for the system audit data path..

Vulnerability discussion

The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.

Check content

Fix text

Migrate the audit log path onto a separate filesystem. The following assumes that /var exists and that the new audit log mount point will be /var/.audit. Verify if auditing is running: # ps -ef | grep audomon | grep -v grep If auditing is running, issue the stop command: # /sbin/init.d/auditing stop Use SAM/SMH to: - Create a new Logical Volume (size to be determined based on local site requirements). - Create a VxFS file system on the new logical volume, paying special attention to site requirements such as Access Permissions, Allocation Policies, Mirroring considerations, large/no-large files and mount options such as suid/nosuid and ro/rw. Verify the /etc/fstab /var/.audit entry # more /etc/fstab Verify the current mounts: # mount Mount /var/.audit if not yet mounted: # mount -a Re-start the auditing subsystem: # /sbin/init.d/auditing start Verify that auditing is now running: # ps -ef | grep audomon | grep -v grep

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer