Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-24357 | GEN002870 | SV-38413r1_rule | ECTB-1 | Low |
Description |
---|
Audit records contain evidence that can be used in the investigation of compromised systems. To prevent this evidence from compromise, it must be sent to a separate system continuously. Methods for sending audit records include, but are not limited to, system audit tools used to send logs directly to another host or through the system's syslog service to another host. |
STIG | Date |
---|---|
HP-UX 11.31 Security Technical Implementation Guide | 2016-12-20 |
Check Text ( C-36807r2_chk ) |
---|
The audit overflow monitor daemon (audomon) is spawned by /sbin/init.d/auditing as part of the init start-up process. The vendor (HP) recommends that a script be written to implement a long term strategy for data storage and pass it to the audomon daemon using the "-X ASK the SA if audomon is configured per the vendor's (HP) guidance to implement a long term, remote data storage strategy. |
Fix Text (F-32184r2_fix) |
---|
The audit overflow monitor daemon (audomon) is spawned by /sbin/init.d/auditing as part of the init start-up process. Create a A manual review of the |