AlmaLinux OS 9 must use a separate file system for the system audit data path.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| low | V-269507 | SRG-OS-000341-GPOS-00132 | ALMA-09-051940 | SV-269507r1050390_rule | 2026-02-27 | 1 |
Description
Placing "/var/log/audit" in its own partition enables better separation between audit files and other system files, and helps ensure that auditing cannot be halted due to the partition running out of space.
ℹ️ Check
Verify that a separate file system/partition has been created for the system audit data path with the following command:
Note: /var/log/audit is used as the example as it is a common location.
$ findmnt /var/log/audit
TARGET SOURCE FSTYPE OPTIONS
/var/log/audit /dev/mapper/luks-29b74747-2f82-4472-82f5-0b5eb763effc xfs rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota
If no line is returned, this is a finding.
✔️ Fix
Migrate the system audit data path onto a separate file system.