TOSS 5 must write audit records to disk.

Severity
Group ID
Group Title
Version
Rule ID
Date
STIG Version
mediumV-282752SRG-OS-000480-GPOS-00227TOSS-05-000405SV-282752r1201236_rule2026-04-011

Description

Audit data should be synchronously written to disk to ensure log integrity. This setting ensures all audit event data is written to disk.

ℹ️ Check

If the system is configured to immediately offload audit records to an external system, this requirement is not applicable. Verify the audit system is configured to write logs to the disk using the following command: $ sudo grep write_logs /etc/audit/auditd.conf write_logs = yes If "write_logs" does not have a value of "yes", the line is commented out, or the line is missing, this is a finding.

✔️ Fix

Configure the audit system to write log files to the disk. Edit the "/etc/audit/auditd.conf" file and add or update the "write_logs" option to "yes": write_logs = yes Restart the audit daemon for changes to take effect.