UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The audit system must alert the SA in the event of an audit processing failure.


Overview

Finding ID Version Rule ID IA Controls Severity
V-22374 GEN002719 SV-40562r1_rule ECAT-1 Low
Description
An accurate and current audit trail is essential for maintaining a record of system activity. If the system fails, the SA must be notified and must take prompt action to correct the problem. Minimally, the system must log this event and the SA will receive this notification during the daily system log review. If feasible, active alerting (such as email or paging) should be employed consistent with the site’s established operations management systems and procedures.
STIG Date
Solaris 10 X86 Security Technical Implementation Guide 2014-01-09

Details

Check Text ( C-39326r1_chk )
Verify the presence of an audit_warn entry in /etc/mail/aliases.

# grep audit_warn /etc/mail/aliases

If there is no audit_warn entry in /etc/mail/aliases, this is a finding.
Fix Text (F-34432r1_fix)
Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s).

# vi /etc/mail/aliases

Put the updated aliases file into service.

# newaliases