STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide

V-238321

CAT III (Low)

The Ubuntu operating system must have a crontab script running weekly to offload audit events of standalone systems.

Rule ID

SV-238321r959008_rule

STIG

Canonical Ubuntu 20.04 LTS Security Technical Implementation Guide

Version

V2R4

CCIs

CCI-001851

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.

Check Content

Note: If this is an interconnected system, this is Not Applicable. 
 
Verify there is a script that offloads audit data and that script runs weekly. 
 
Check if there is a script in the "/etc/cron.weekly" directory that offloads audit data: 
 
# sudo ls /etc/cron.weekly 
 
audit-offload 
 
Check if the script inside the file does offloading of audit logs to external media. 
 
If the script file does not exist or does not offload audit logs, this is a finding.

Fix Text

Create a script that offloads audit logs to external media and runs weekly. 
 
The script must be located in the "/etc/cron.weekly" directory.