Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-12020 | GEN005440 | SV-35187r1_rule | ECSC-1 | Medium |
Description |
---|
Syslog messages are typically unencrypted and may contain sensitive information; they are therefore restricted to the enclave. |
STIG | Date |
---|---|
HP-UX 11.23 Security Technical Implementation Guide | 2015-06-12 |
Check Text (C-36623r2_chk) |
---|
The syslog server's /etc/syslog.conf file must have the client(s) listed along with the logging facility. The following example is a syslog.conf entry for the syslog client machine moe.larry.com: `+example.com *.* /var/adm/log/example_com.log`. NOTE: This will virtually always require a manual review. Ask the SA if the loghost server is collecting data for hosts outside the local enclave. If it is, this is a finding. |
Fix Text (F-31990r2_fix) |
---|
Configure hosts outside of the local enclave to not log to this system. |
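
A helper for the manual review described in the check text, added here as an example and not part of the STIG: it lists the clients named in the loghost's syslog.conf and prints those that fall outside the enclave's domain suffixes. It assumes clients appear on `+host` lines as in the entry above; the function names, the sample file and the suffix `example.com` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not STIG text. Assumption: client sections in the loghost's
# syslog.conf start with a "+host[,host...]" line, as in the page's entry.

# sample_conf: print a constructed syslog.conf (not from a real system).
sample_conf() {
    cat <<'EOF'
# constructed sample
*.info   /var/adm/syslog/syslog.log
+example.com
*.*      /var/adm/log/example_com.log
+moe.example.com,curly.partner.example.net
auth.*   /var/adm/log/auth_clients.log
+badexample.com
*.*      /var/adm/log/other.log
EOF
}

# list_client_selectors FILE: print each client host named on a "+" line.
list_client_selectors() {
    awk '
        /^[ \t]*#/ { next }                  # skip comments
        /^[ \t]*[+]/ {
            sub(/^[ \t]*[+]/, "")            # drop the leading "+"
            n = split($1, hosts, ",")
            for (i = 1; i <= n; i++)
                if (hosts[i] != "") print tolower(hosts[i])
        }
    ' "$1" | sort -u
}

# outside_enclave FILE SUFFIX...: print clients that neither equal a SUFFIX
# nor are a subdomain of one. Each line printed needs an SA to account for it.
outside_enclave() {
    conf=$1; shift
    list_client_selectors "$conf" | while read -r host; do
        inside=no
        for suffix in "$@"; do
            case "$host" in
                "$suffix"|*."$suffix") inside=yes ;;
            esac
        done
        [ "$inside" = yes ] || echo "$host"
    done
}

tmp=${TMPDIR:-/tmp}/syslog_conf_sample.$$
sample_conf > "$tmp"
outside_enclave "$tmp" example.com    # enclave suffix list is an assumption
rm -f "$tmp"
```

On the loghost, call `outside_enclave /etc/syslog.conf` followed by the enclave's own domain suffixes; an unqualified host name is also printed, since it cannot be matched to a suffix without asking the SA.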