STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Red Hat Enterprise Linux 9 Security Technical Implementation Guide

V-257847

CAT III (Low)

RHEL 9 must use a separate file system for the system audit data path.

Rule ID

SV-257847r1044924_rule

STIG

Red Hat Enterprise Linux 9 Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-001849

Discussion

Placing "/var/log/audit" in its own partition enables better separation between audit files and other system files, and helps ensure that auditing cannot be halted due to the partition running out of space. Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000480-GPOS-00227

Check Content

Verify that a separate file system/partition has been created for the system audit data path with the following command:

Note: /var/log/audit is used as the example as it is a common location.

$ mount | grep /var/log/audit 

/dev/mapper/rootvg-varlogaudit on /var/log/audit type xfs (rw,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k,noquota)
Note: Options displayed for mount may differ.

If no line is returned, this is a finding.

Fix Text

Migrate the system audit data path onto a separate file system.