dccce1d5cc
This patch gets the docs adjusted to work with the new RHEL 7 STIG version 1 release. The new STIG release has changed all of the numbering, but it maintains a link to (most) of the old STIG IDs in the XML. Closes-bug: 1676865 Change-Id: I65023fe63163c9804a3aec9dcdbf23c69bedb604
25 lines
727 B
ReStructuredText
25 lines
727 B
ReStructuredText
---
|
|
id: V-72109
|
|
status: opt-in
|
|
tag: auditd
|
|
---
|
|
|
|
The STIG requires that all ``fchmodat`` syscalls are audited, but this
|
|
change creates a significant increase in logging on most systems. This increase
|
|
can cause some systems to run out of disk space for logs.
|
|
|
|
.. warning::
|
|
|
|
This rule is disabled by default to avoid high CPU usage and disk space
|
|
exhaustion. Deployers should only enable this rule if they have tested it
|
|
thoroughly in a non-production environment with system health monitoring
|
|
enabled.
|
|
|
|
Deployers can opt in for this change by setting the following Ansible variable:
|
|
|
|
.. code-block:: yaml
|
|
|
|
security_rhel7_audit_fchmodat: yes
|
|
|
|
This rule is compatible with x86, x86_64, and ppc64 architectures.
|