Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-227606 | GEN001060 | SV-227606r603266_rule | | Medium |
Description |
---|
If successful and unsuccessful logins and logouts are not monitored or recorded, access attempts cannot be tracked. Without this logging, it may be impossible to track unauthorized access to the system. |
STIG | Date |
---|---|
Solaris 10 X86 Security Technical Implementation Guide | 2020-12-04 |
Check Text (C-29768r488375_chk) |
---|
Check the following log files to determine if access to the root account is being logged. Try to `su -` and enter an incorrect password. Then run `# more /var/adm/sulog`. If root login accounts are not being logged, this is a finding. |
Fix Text (F-29756r488376_fix) |
---|
Update /etc/default/su and set SYSLOG=YES. Ensure /etc/syslog.conf is configured to log auth.crit messages to capture all failed su attempts. |
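
The two settings named in the Fix Text can be audited with a short script. This is an added example, not part of the STIG; the function names are hypothetical, and it assumes a POSIX shell and awk (on Solaris 10, `/usr/xpg4/bin` ahead of `/usr/bin` in `PATH`). Pass the two file paths as arguments to run the audit.

```shell
#!/bin/sh
# Added example, not STIG text; function names are hypothetical.
# su_syslog_enabled FILE: succeed if the last active SYSLOG= line is exactly YES.
su_syslog_enabled() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*SYSLOG[ \t]*$/ { v = $2 }
        END { gsub(/[ \t]/, "", v); exit (v == "YES" ? 0 : 1) }
    ' "$1"
}

# syslog_logs_auth_crit FILE: succeed if some rule line captures auth.crit.
# A selector level matches that priority and anything more severe, so
# auth.notice or *.err also capture auth.crit, while auth.alert does not.
# Assumption: a later selector on a line overrides an earlier one for the
# same facility, so "*.debug;auth.none" excludes auth.
syslog_logs_auth_crit() {
    awk '
        BEGIN { n = split("debug info notice warning err crit", l, " ")
                for (i = 1; i <= n; i++) ok[l[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        NF < 2 { next }                     # no action field, not a rule
        {
            cur = ""                        # level in effect for auth on this line
            ns = split($1, sel, ";")
            for (i = 1; i <= ns; i++) {
                d = index(sel[i], "."); if (d == 0) continue
                lvl = substr(sel[i], d + 1)
                nf = split(substr(sel[i], 1, d - 1), fac, ",")
                for (j = 1; j <= nf; j++)
                    if (fac[j] == "auth" || fac[j] == "*") cur = lvl
            }
            if (cur in ok) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_su_logging [SU_DEFAULTS] [SYSLOG_CONF]: print findings, return 1 if any.
audit_su_logging() {
    su_file=${1:-/etc/default/su} conf=${2:-/etc/syslog.conf} rc=0
    su_syslog_enabled "$su_file" 2>/dev/null ||
        { echo "FINDING: SYSLOG=YES not set in $su_file"; rc=1; }
    syslog_logs_auth_crit "$conf" 2>/dev/null ||
        { echo "FINDING: no rule in $conf captures auth.crit"; rc=1; }
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_su_logging "$@"; fi
```

The script reads configuration only; the interactive test in the Check Text (a failed `su -` followed by reading `/var/adm/sulog`) still confirms that entries are actually written.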