Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-226406 | GEN000000-SOL00040 | SV-226406r603265_rule | Medium |
Description |
---|
The audit_user file may be used to selectively audit more, or fewer, auditing features for specific individuals. If used this way it could subject the activity to a lawsuit and could cause the loss of valuable auditing data in the case of a system compromise. If an item is audited for one individual (other than for root and administrative users - who have more auditing features) it must be audited for all. |
STIG | Date |
---|---|
Solaris 10 SPARC Security Technical Implementation Guide | 2022-09-07 |
Check Text ( C-28567r482573_chk ) |
---|
Perform: # more /etc/security/audit_user If /etc/security/audit_user has entries other than root, ensure the users defined are audited with the same flags as all users as defined in /etc/security/audit_control file. |
Fix Text (F-28555r482574_fix) |
---|
Edit the audit_user file and remove specific user configurations differing from the global audit settings. |