Description of problem:
After system is hardened with hipaa profile and rebooted, journal contains error (kauditd hold queue overflow) which indicates that kernel's internal buffer for storing audit events has filled up.
SCAP Security Guide Version:
master
Operating System Version:
RHEL 9, RHEL 10
Steps to Reproduce:
- Run
/scanning/boot-errors/hipaa test.
Actual Results:
kernel: audit: kauditd hold queue overflow
Expected Results:
No failure after hardening.
Description of problem:
After system is hardened with
hipaaprofile and rebooted, journal contains error (kauditd hold queue overflow) which indicates that kernel's internal buffer for storing audit events has filled up.SCAP Security Guide Version:
master
Operating System Version:
RHEL 9, RHEL 10
Steps to Reproduce:
/scanning/boot-errors/hipaatest.Actual Results:
Expected Results:
No failure after hardening.