Major Hayden 2b9a1cce25 V-53481: Auditd disk space + single-user mode
Implements: blueprint security-hardening

Change-Id: I3839996608f8b5e7805e0a313c625238a4644868
2015-10-14 13:41:30 +00:00

626 B

Exception

The STIG requires that the audit system must switch the entire system into single-user mode when the space for logging becomes dangerously low.

This will cause serious service disruptions for any environment and should only be enabled for extremely high security environments.

Ubuntu sets admin_space_left_action to SUSPEND by default, and this will cause logging to be temporarily suspended until disk space is freed.

For extremely high security environments, this Ansible variable can be provided to meet the requirements of the STIG:

admin_space_left_action: SINGLE