Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The /etc/security/audit_user file must not define a different auditing level for specific users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-4353 | GEN000000-SOL00040 | SV-4353r2_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
| Description |
|---|
| The audit_user file may be used to selectively audit more, or fewer, auditing features for specific individuals. If used this way it could subject the activity to a lawsuit and could cause the loss of valuable auditing data in the case of a system compromise. If an item is audited for one individual (other than for root and administrative users - who have more auditing features) it must be audited for all. |
| STIG | Date |
|---|---|
| SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE | 2016-06-22 |
Details
| Check Text ( C-8281r2_chk ) |
|---|
| Perform: # more /etc/security/audit_user If /etc/security/audit_user has entries other than root, ensure the users defined are audited with the same flags as all users as defined in /etc/security/audit_control file. |
| Fix Text (F-4264r2_fix) |
|---|
| Edit the audit_user file and remove specific user configurations differing from the global audit settings. |