OL 9 must use a separate file system for the system audit data path.

STIG ID: OL09-00-000002  |  SRG: SRG-OS-000341-GPOS-00132 |  Severity: low |  CCI: CCI-001849 |  Vulnerability Id: V-271432

Vulnerability Discussion

Placing "/var/log/audit" in its own partition enables better separation between audit files and other system files and helps ensure that auditing cannot be halted due to the partition running out of space.

Check

Verify that OL 9 uses a separate file system for the system audit data path with the following command:

Note: /var/log/audit is used as the example as it is a common location.

$ mount | grep /var/log/audit
UUID=2efb2979-45ac-82d7-0ae632d11f51 on /var/log/home type xfs (rw,realtime,seclabel,attr2,inode64)

If no line is returned, this is a finding.

Fix

Migrate the system audit data path onto a separate file system.
This website is not created by, run, approved, or endorsed by the U.S. Department of Defense. Use at your own risk. This website is created by open-source software.