Auditing must be implemented.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-811	GEN002660	SV-27266r2_rule		Medium

Description
Without auditing, individual system accesses cannot be tracked and malicious activity cannot be detected and traced back to an individual account.

STIG	Date
SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE	2016-06-22

Details

Check Text ( C-28344r2_chk )
Determine the type of zone that you are currently securing. # zonename If the output of "zonename" is "global", then auditing must be enabled. Determine if auditing is enabled. # ps -ef \|grep auditd If the auditd process is not found, this is a finding. If the output of "zonename" is not "global", then the "perzone" policy must be determined. # auditconfig –getpolicy audit policies = cnt,perzone If "perzone" is not listed then this requirement is not applicable. If "perzone" is listed then determine if auditing is enabled. # ps -ef \|grep auditd If the auditd process is not found, this is a finding.

Check Text ( C-28344r2_chk )

Determine the type of zone that you are currently securing.

# zonename

If the output of "zonename" is "global", then auditing must be enabled.

Determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.
If the output of "zonename" is not "global", then the "perzone" policy must be determined.

# auditconfig –getpolicy
audit policies = cnt,perzone

If "perzone" is not listed then this requirement is not applicable. If "perzone" is listed then determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.

Fix Text (F-24513r1_fix)
Use /etc/security/bsmconv to enable auditing on the system.