CCE-90638-8
Platform: cpe:/o:centos:centos:7, cpe:/o:redhat:enterprise_linux:7 | Date: (C)2017-06-29 (M)2023-07-04 |
The default action to take when the logs reach their maximum size
is to rotate the log files, discarding the oldest one. To configure the action taken
by 'auditd', add or correct the line in '/etc/audit/auditd.conf':
'max_log_file_action = ACTION'
Possible values for
Parameter:
[ignore/syslog/suspend/keep_logs]
Technical Mechanism:
Automatically rotating logs (by setting this to 'rotate')
minimizes the chances of the system unexpectedly running out of disk space by
being overwhelmed with log data. However, for systems that must never discard
log data, or which use external processes to transfer it and reclaim space,
'keep_logs' can be employed.
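A compliance check for this setting, as an added example that is not part of the original entry. It assumes that `auditd` treats keywords and values case-insensitively and that a later assignment overrides an earlier one; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective max_log_file_action in an auditd.conf
# and compare it with the action the site policy requires.

# Print the effective value, lowercased. Comment lines are skipped and the
# last assignment wins (assumption: later lines override earlier ones, and
# keywords/values are case-insensitive). Prints "unset" if the keyword is absent.
effective_action() {
    awk -F= '
        /^[ \t]*#/ { next }
        {
            key = $1; gsub(/[ \t\r]/, "", key)
            if (tolower(key) == "max_log_file_action") {
                val = $2; gsub(/[ \t\r]/, "", val)
                found = tolower(val)
            }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Return 0 when the effective value equals the required ACTION ($2),
# 1 on a mismatch, and 2 when the line is missing or the value is not a
# recognised action (the entry asks for an explicit line, so "unset" fails).
check_action() {
    actual=$(effective_action "$1")
    case "$actual" in
        ignore|syslog|suspend|rotate|keep_logs) ;;
        *) echo "FAIL: max_log_file_action is '$actual'"; return 2 ;;
    esac
    if [ "$actual" = "$2" ]; then
        echo "PASS: max_log_file_action = $actual"
    else
        echo "FAIL: max_log_file_action = $actual, expected $2"
        return 1
    fi
}

# Constructed sample file; on a real host pass /etc/audit/auditd.conf instead.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# max_log_file_action = ignore
max_log_file = 8
max_log_file_action = ROTATE
EOF
check_action "$sample" rotate
check_action "$sample" keep_logs || true
```

The commented-out `ignore` line and the similarly named `max_log_file` keyword in the sample are the two cases a plain `grep` for the keyword would misreport.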
CCSS Severity: | CCSS Metrics: |
---|---|
CCSS Score: 7.3 | Attack Vector: LOCAL |
Exploit Score: 2.5 | Attack Complexity: LOW |
Impact Score: 4.7 | Privileges Required: NONE |
Severity: HIGH | User Interaction: NONE |
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H | Scope: UNCHANGED |
 | Confidentiality: LOW |
 | Integrity: LOW |
 | Availability: HIGH |
References:

Resource Id | Reference |
---|---|
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:31052 |
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:30329 |