Details
The auditd daemon can be configured to halt the system when the audit logs are full.
*Rationale*
In high security contexts, the risk of detecting unauthorized access or nonrepudiation
exceeds the benefit of the system’s availability.
Solution
Add the following lines to the /etc/audit/auditd.conf file.space_left_action = email
action_mail_acct = root
admin_space_left_action = halt
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.