STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 4 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide

V-270817

CAT III (Low)

Ubuntu 24.04 LTS must have a crontab script running weekly to offload audit events of standalone systems.

Rule ID

SV-270817r1066940_rule

STIG

Canonical Ubuntu 24.04 LTS Security Technical Implementation Guide

Version

V1R5

CCIs

CCI-001851

Discussion

Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity.

Check Content

Note: If this is an interconnected system, this is not applicable.
 
Verify there is a script that offloads audit data and that script runs weekly with the following command:

$ ls /etc/cron.weekly 
audit-offload 
 
Check if the script inside the file offloads audit logs to external media. 
 
If the script file does not exist or does not offload audit logs, this is a finding.

Fix Text

Create a script that offloads audit logs to external media and runs weekly. 
 
The script must be located in the "/etc/cron.weekly" directory.