TOSS 5 must write audit records to disk.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-282752 | SRG-OS-000480-GPOS-00227 | TOSS-05-000405 | SV-282752r1201236_rule | 2026-04-01 | 1 |
Description
Audit data should be synchronously written to disk to ensure log integrity. This setting ensures all audit event data is written to disk.
ℹ️ Check
If the system is configured to immediately offload audit records to an external system, this requirement is not applicable.
Verify the audit system is configured to write logs to the disk using the following command:
$ sudo grep write_logs /etc/audit/auditd.conf
write_logs = yes
If "write_logs" does not have a value of "yes", the line is commented out, or the line is missing, this is a finding.
✔️ Fix
Configure the audit system to write log files to the disk.
Edit the "/etc/audit/auditd.conf" file and add or update the "write_logs" option to "yes":
write_logs = yes
Restart the audit daemon for changes to take effect.