STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 3 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Oracle Linux 7 Security Technical Implementation Guide

V-221756

CAT III (Low)

The Oracle Linux operating system must use a separate file system for the system audit data path large enough to hold at least one week of audit data.

Rule ID

SV-221756r958752_rule

STIG

Oracle Linux 7 Security Technical Implementation Guide

Version

V3R5

CCIs

CCI-001849

Discussion

The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.

Check Content

Determine if the operating system is configured to have the "/var/log/audit" path is on a separate file system.

# grep /var/log/audit /etc/fstab

If no result is returned, or the operating system is not configured to have "/var/log/audit" on a separate file system, this is a finding.

Verify that "/var/log/audit" is mounted on a separate file system:

# mount | grep "/var/log/audit"

If no result is returned, or "/var/log/audit" is not on a separate file system, this is a finding.

Verify the size of the audit file system:

# df -h /var/log/audit

If the size is insufficient for a week of audit data, this is a finding.

Fix Text

Migrate the system audit data path onto an appropriately sized separate file system to store at least one week of audit records.