UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Auditing must be implemented.


Overview

Finding ID Version Rule ID IA Controls Severity
V-811 GEN002660 SV-27266r2_rule Medium
Description
Without auditing, individual system accesses cannot be tracked and malicious activity cannot be detected and traced back to an individual account.
STIG Date
SOLARIS 10 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE 2017-03-03

Details

Check Text ( C-28344r2_chk )
Determine the type of zone that you are currently securing.

# zonename

If the output of "zonename" is "global", then auditing must be enabled.

Determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.
If the output of "zonename" is not "global", then the "perzone" policy must be determined.

# auditconfig –getpolicy
audit policies = cnt,perzone

If "perzone" is not listed then this requirement is not applicable. If "perzone" is listed then determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.
Fix Text (F-24513r1_fix)
Use /etc/security/bsmconv to enable auditing on the system.