STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide

V-239638

CAT II (Medium)

Audit logs must be rotated daily.

Rule ID

SV-239638r662365_rule

STIG

VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide

Version

V2R2

CCIs

CCI-000172

Discussion

Rotate audit logs daily to preserve audit file system space and to conform to the DISA requirement. If it is not rotated daily and moved to another location, then there is more of a chance for the compromise of audit data by malicious users.

Check Content

Check for a logrotate entry that rotates audit logs.

# ls -l /etc/logrotate.d/audit

If it exists, check for the presence of the daily rotate flag:

# egrep "daily" /etc/logrotate.d/audit

The command should produce a "daily" entry in the logrotate file for the audit daemon. 

If the daily entry is missing, this is a finding.

Fix Text

Create or edit the "/etc/logrotate.d/audit" file and add the daily entry, such as:

/var/log/audit/audit.log {
compress
dateext
rotate 15
daily
missingok
notifempty
create 600 root root
sharedscripts
postrotate
/sbin/service auditd restart 2> /dev/null > /dev/null || true
endscript
}