UCF STIG Viewer Logo

The /etc/security/audit_user file must not define a different auditing level for specific users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-227533 GEN000000-SOL00040 SV-227533r603266_rule Medium
Description
The audit_user file may be used to selectively audit more, or fewer, auditing features for specific individuals. If used this way it could subject the activity to a lawsuit and could cause the loss of valuable auditing data in the case of a system compromise. If an item is audited for one individual (other than for root and administrative users - who have more auditing features) it must be audited for all.
STIG Date
Solaris 10 X86 Security Technical Implementation Guide 2020-12-04

Details

Check Text ( C-29695r488126_chk )
Perform:

# more /etc/security/audit_user

If /etc/security/audit_user has entries other than root, ensure the users defined are audited with the same flags as all users as defined in /etc/security/audit_control file.
Fix Text (F-29683r488127_fix)
Edit the audit_user file and remove specific user configurations differing from the global audit settings.