STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide

V-260587

CAT III (Low)

Ubuntu 22.04 LTS must have a crontab script running weekly to offload audit events of standalone systems.

Rule ID

SV-260587r959008_rule

STIG

Canonical Ubuntu 22.04 LTS Security Technical Implementation Guide

Version

V2R8

CCIs

CCI-001851

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.

Check Content

Verify there is a script that offloads audit data and that script runs weekly by using the following command: 
 
Note: If the system is not connected to a network, this requirement is not applicable. 
  
     $ ls /etc/cron.weekly 
     <audit_offload_script_name> 
  
Check if the script inside the file does offloading of audit logs to external media.  
  
If the script file does not exist or does not offload audit logs, this is a finding.

Fix Text

Create a script that offloads audit logs to external media and runs weekly.  
  
The script must be located in the "/etc/cron.weekly" directory.