UCF STIG Viewer Logo

The audit system must maintain a central audit trail for all zones.


Overview

Finding ID Version Rule ID IA Controls Severity
V-216478 SOL-11.1-100050 SV-216478r603267_rule Low
Description
Centralized auditing simplifies the investigative process to determine the cause of a security event.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2021-11-23

Details

Check Text ( C-17714r371516_chk )
This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

List the non-global zones on the system.

# zoneadm list -vi | grep -v global

The Audit Configuration profile is required.

Determine whether the "perzone" auditing policy is in effect.

# pfexec auditconfig -getpolicy | grep active | grep perzone

If output is returned, this is a finding.
Fix Text (F-17712r371517_fix)
This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

List the non-global zones on the system.

# zoneadm list -vi | grep -v global

The Audit Configuration profile is required.

Disable the "perzone" auditing policy.

# pfexec auditconfig -setpolicy -perzone