
Implements: blueprint security-hardening Change-Id: I3839996608f8b5e7805e0a313c625238a4644868
626 B
626 B
Exception
The STIG requires that the audit system must switch the entire system into single-user mode when the space for logging becomes dangerously low.
This will cause serious service disruptions for any environment and should only be enabled for extremely high security environments.
Ubuntu sets admin_space_left_action
to
SUSPEND
by default, and this will cause logging to be
temporarily suspended until disk space is freed.
For extremely high security environments, this Ansible variable can be provided to meet the requirements of the STIG:
admin_space_left_action: SINGLE