The audit system must alert the SA when the audit storage volume approaches its capacity.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-47835	SOL-11.1-010370	SV-60709r1_rule		Medium

Description
Filling the audit storage area can result in a denial of service or system outage and can lead to events going undetected.

STIG	Date
Solaris 11 SPARC Security Technical Implementation Guide	2017-01-27

Details

Check Text ( None )
None

Fix Text (F-51453r1_fix)
The root role is required. This action applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this action applies. Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s). # pfedit /etc/mail/aliases Insert a line in the form: audit_warn:user1,user2 Put the updated aliases file into service. # newaliases

Fix Text (F-51453r1_fix)

The root role is required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this action applies.

Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s).

# pfedit /etc/mail/aliases

Insert a line in the form:
audit_warn:user1,user2

Put the updated aliases file into service.
# newaliases