Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must only use remote syslog servers (log hosts) justified and documented using site-defined procedures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4395 | GEN005460 | SV-35192r1_rule | ECSC-1 | Medium |
| Description |
|---|
| If a remote log host is in use and it has not been justified and documented with the IAO, sensitive information could be obtained by unauthorized users without the SA's knowledge. A remote log host is any host to which the system is sending syslog messages over a network. |
| STIG | Date |
|---|---|
| HP-UX 11.31 Security Technical Implementation Guide | 2018-03-01 |
Details
| Check Text ( C-35037r1_chk ) |
|---|
| Examine the syslog.conf file for any references to remote log hosts. # cat /etc/syslog.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v '^#' | grep "\@" Destinations beginning with the @ symbol represent log hosts. If the log host name is a local alias such as loghost, consult the /etc/hosts or other name databases as necessary to obtain the canonical name or address for the log host. Determine if the host referenced is a log host documented using site-defined procedures. If an undocumented log host is referenced, this is a finding. |
| Fix Text (F-30328r1_fix) |
|---|
| Remove or document the referenced undocumented log host. |