| APPL-14-001029 |
V2R2 |
The macOS system must configure audit retention to seven days. |
|
| APPL-14-004050 |
V2R2 |
The macOS system must configure install.log retention to 365. |
|
| OL07-00-021330 |
V3R1 |
The Oracle Linux operating system must use a separate file system for the system audit data path large enough to hold at least one week of audit data. |
|
| OL08-00-030660 |
V2R2 |
OL 8 must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility. |
|
| RHEL-08-030602 |
V2R1 |
RHEL 8 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon. |
|
| RHEL-08-030660 |
V2R1 |
RHEL 8 must allocate audit record storage capacity to store at least one week of audit records, when audit records are not immediately sent to a central audit record storage facility. |
|
| RHEL-09-231030 |
V2R2 |
RHEL 9 must use a separate file system for the system audit data path. |
|
| RHEL-09-653030 |
V2R2 |
RHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records. |
|
| SLES-12-020020 |
V3R1 |
The SUSE operating system must allocate audit record storage capacity to store at least one weeks worth of audit records when audit records are not immediately sent to a central audit record storage facility. |
|
| SLES-15-030660 |
V2R2 |
The SUSE operating system must allocate audit record storage capacity to store at least one week of audit records when audit records are not immediately sent to a central audit record storage facility. |
|
| UBTU-18-010314 |
V2R15 |
The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks worth of audit records, when audit records are not immediately sent to a central audit record storage facility. |
|
| UBTU-20-010215 |
V2R1 |
The Ubuntu operating system must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility. |
|
| UBTU-22-653035 |
V2R2 |
Ubuntu 22.04 LTS must allocate audit record storage capacity to store at least one weeks' worth of audit records, when audit records are not immediately sent to a central audit record storage facility. |
|
| WN10-AU-000500 |
V3R2 |
The Application event log size must be configured to 32768 KB or greater. |
|
| WN10-AU-000505 |
V3R2 |
The Security event log size must be configured to 1024000 KB or greater. |
|
| WN10-AU-000510 |
V3R2 |
The System event log size must be configured to 32768 KB or greater. |
|
| WN11-AU-000500 |
V2R2 |
The Application event log size must be configured to 32768 KB or greater. |
|
| WN11-AU-000505 |
V2R2 |
The Security event log size must be configured to 1024000 KB or greater. |
|
| WN11-AU-000510 |
V2R2 |
The System event log size must be configured to 32768 KB or greater. |
|
| WN16-CC-000300 |
V2R9 |
The Application event log size must be configured to 32768 KB or greater. |
|
| WN16-CC-000310 |
V2R9 |
The Security event log size must be configured to 196608 KB or greater. |
|
| WN16-CC-000320 |
V2R9 |
The System event log size must be configured to 32768 KB or greater. |
|
| WN19-CC-000270 |
V3R2 |
Windows Server 2019 Application event log size must be configured to 32768 KB or greater. |
|
| WN19-CC-000280 |
V3R2 |
Windows Server 2019 Security event log size must be configured to 196608 KB or greater. |
|
| WN19-CC-000290 |
V3R2 |
Windows Server 2019 System event log size must be configured to 32768 KB or greater. |
|
| WN22-CC-000270 |
V2R2 |
Windows Server 2022 Application event log size must be configured to 32768 KB or greater. |
|
| WN22-CC-000280 |
V2R2 |
Windows Server 2022 Security event log size must be configured to 196608 KB or greater. |
|
| WN22-CC-000290 |
V2R2 |
Windows Server 2022 System event log size must be configured to 32768 KB or greater. |
|