UCF STIG Viewer Logo

The audit system must identify in which zone an event occurred.


Overview

Finding ID Version Rule ID IA Controls Severity
V-216477 SOL-11.1-100040 SV-216477r603267_rule Low
Description
Tracking the specific Solaris zones in the audit trail reduces the time required to determine the cause of a security event.
STIG Date
Solaris 11 SPARC Security Technical Implementation Guide 2022-11-18

Details

Check Text ( C-17713r371513_chk )
This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

List the non-global zones on the system.

# zoneadm list -vi | grep -v global

The Audit Configuration profile is required.

Determine whether the "zonename" auditing policy is in effect.

# pfexec auditconfig -getpolicy | grep active | grep zonename

If no output is returned, this is a finding.
Fix Text (F-17711r371514_fix)
This check applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this check applies.

List the non-global zones on the system.

# zoneadm list -vi | grep -v global

The Audit Configuration profile is required.

Enable the "zonename" auditing policy.

# pfexec auditconfig -setpolicy +zonename