{"description": "System logs are stored in the <tt>/var/log</tt> directory.\n\nEnsure that <code>/var/log</code> has its own partition or logical\nvolume at installation time, or migrate it using LVM.", "rationale": "Placing <tt>/var/log</tt> in its own partition\nenables better separation between log files\nand other files in <tt>/var/</tt>.", "severity": "low", "references": {"cis-csc": ["1", "12", "14", "15", "16", "3", "5", "6", "8"], "cobit5": ["APO11.04", "APO13.01", "BAI03.05", "DSS05.02", "DSS05.04", "DSS05.07", "MEA02.01"], "isa-62443-2009": ["4.3.3.3.9", "4.3.3.5.8", "4.3.4.4.7", "4.4.2.1", "4.4.2.2", "4.4.2.4"], "isa-62443-2013": ["SR 2.10", "SR 2.11", "SR 2.12", "SR 2.8", "SR 2.9", "SR 3.1", "SR 3.5", "SR 3.8", "SR 4.1", "SR 4.3", "SR 5.1", "SR 5.2", "SR 5.3", "SR 7.1", "SR 7.6"], "iso27001-2013": ["A.12.4.1", "A.12.4.2", "A.12.4.3", "A.12.4.4", "A.12.7.1", "A.13.1.1", "A.13.2.1", "A.14.1.3"], "nerc-cip": ["CIP-007-3 R6.5"], "nist": ["CM-6(a)", "AU-4", "SC-5(2)"], "nist-csf": ["PR.PT-1", "PR.PT-4"], "srg": ["SRG-OS-000480-GPOS-00227"], "anssi": ["R28"], "cis": ["1.1.2.6.1"]}, "control_references": {"anssi": ["R28"], "cis": ["1.1.2.6.1"]}, "components": [], "identifiers": {}, "ocil_clause": "\"/var/log is not a mountpoint\" is returned", "ocil": "Verify that a separate file system/partition has been created for <code>/var/log</code> with the following command:\n\n<pre>$ mountpoint /var/log</pre>\n", "oval_external_content": null, "fixtext": "Migrate the \"/var/log\" path onto a separate file system.", "checktext": "", "vuldiscussion": "", "srg_requirement": "Ubuntu 22.04 must use a separate file system for /var/log.", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {"stig": {"srg_requirement": "Ubuntu 22.04 must use a separate file system for /var/log.", "vuldiscussion": "Placing \"/var/log\" in its own partition enables better separation between log files and other files in \"/var/\".", "checktext": "Verify that a separate file system/partition has been created for \"/var/log\" with the following command:\n\n$ mount | grep /var/log\n\n/dev/mapper/rhel-var_log on /var/log type xfs (rw,nosuid,nodev,noexec,relatime,seclabel,attr2,inode64,logbufs=8,logbsize=32k)\nNote: Options displayed for mount may differ.\n\nIf a separate entry for \"/var/log\" is not in use, this is a finding.", "fixtext": "Migrate the \"/var/log\" path onto a separate file system."}}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["not container"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["not_container"], "bash_conditional": null, "fixes": {}, "title": "Ensure /var/log Located On Separate Partition", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml", "template": {"name": "mount", "vars": {"mountpoint": "/var/log", "min_size": 1073741824}, "backends": {}}}