MEDIUM M20: Auditd Data Retention P3

Verified Compare Branch

Overview

Configures auditd behavior when disk space runs low, ensuring audit data is not silently lost. Sets actions for disk errors, disk full conditions, and low space warnings.

Profile: NIST 800-53 Moderate (rhcos4-moderate)

Compliance Checks

Check	Description
`auditd-data-disk-error-action`	Set action on disk write errors (syslog)
`auditd-data-disk-full-action`	Set action when disk is full (halt)
`auditd-data-retention-admin-space-left-action`	Set admin space-left action (single)
`auditd-data-retention-space-left`	Configure space-left threshold

Verification

oc debug node/<node> -- chroot /host grep -E 'disk_error_action|disk_full_action|admin_space_left_action|space_left ' /etc/audit/auditd.conf

← M19 All Groups M21 →

MEDIUM M20: Auditd Data Retention P3

Overview

Compliance Checks

Verification

Keyboard Shortcuts