OL 9 must use a separate file system for the system audit data path.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-271432	OL09-00-000002	SV-271432r1091008_rule		Low

Description

Placing "/var/log/audit" in its own partition enables better separation between audit files and other system files and helps ensure that auditing cannot be halted due to the partition running out of space.

STIG	Date
Oracle Linux 9 Security Technical Implementation Guide	2025-05-08

Details

Check Text (C-75482r1091006_chk)

Verify that OL 9 uses a separate file system for the system audit data path with the following command:

Note: /var/log/audit is used as the example as it is a common location.

$ mount | grep /var/log/audit
UUID=2efb2979-45ac-82d7-0ae632d11f51 on /var/log/home type xfs (rw,realtime,seclabel,attr2,inode64)

If no line is returned, this is a finding.

Fix Text (F-75389r1091007_fix)

Migrate the system audit data path onto a separate file system.