Ubuntu 22.04
Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems
STIG ID:
UBTU-22-651035
|
SRG:
SRG-OS-000479-GPOS-00224
|
Severity:
Low
|
CCI:
CCI-001851
|
Vulnerability ID:
V-260587
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.
Check
C-64316r953572_chk
Verify there is a script that offloads audit data and that script runs weekly by using the following command: Note: If the system is not connected to a network, this requirement is not applicable. $ ls /etc/cron.weekly if the script inside the file does offloading of audit logs to external media. If the script file does not exist or does not offload audit logs, this is a finding.
Fix
F-64224r953573_fix
Create a script that offloads audit logs to external media and runs weekly. The script must be located in the "/etc/cron.weekly" directory.