The operating system must configure auditing to reduce the likelihood of storage capacity being exceeded.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-219996	SOL-11.1-010410	SV-219996r603268_rule		High

Description
Overflowing the audit storage area can result in a denial of service or system outage.

STIG	Date
Solaris 11 X86 Security Technical Implementation Guide	2021-11-23

Details

Check Text ( C-21706r372502_chk )
The Audit Configuration profile is required. This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. Check the status of the audit system. It must be auditing. # pfexec auditconfig -getplugin If the output of this command does not contain: p_fsize=4M this is a finding.

Fix Text (F-21705r372503_fix)
The Audit Control profile is required. This action applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this action applies. Set the size of a binary audit file to a specific size. The size is specified in megabytes. # pfexec auditconfig -setplugin audit_binfile p_fsize=4M Restart the audit system. # pfexec audit -s

Fix Text (F-21705r372503_fix)

The Audit Control profile is required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is "global", this action applies.

Set the size of a binary audit file to a specific size. The size is specified in megabytes.

# pfexec auditconfig -setplugin audit_binfile p_fsize=4M

Restart the audit system.

# pfexec audit -s