UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system syslog service must log informational and more severe SMTP service messages.


Overview

Finding ID Version Rule ID IA Controls Severity
V-836 GEN004460 SV-41546r1_rule ECAR-1 ECAR-2 ECAR-3 ECSC-1 Medium
Description
If informational and more severe SMTP service messages are not logged, malicious activity on the system may go unnoticed.
STIG Date
Solaris 9 SPARC Security Technical Implementation Guide 2012-05-25

Details

Check Text ( C-40028r1_chk )
Check the syslog configuration file for mail.crit logging configuration.

Procedure:
# more /etc/syslog.conf

Verify a line similar to one of the following lines is present in syslog.conf is configured so that critical mail log data is logged. (Critical log data may also be captured by a remote log host in accordance with GEN005460.)

mail.crit /var/adm/messages
*.crit /var/log/messages

Less severe syslog levels (err, warning, info, and debug) may be substituted for crit, since they will also capture crit level syslog messages. If syslog is not configured to log critical Sendmail messages, this is a finding.
Fix Text (F-990r2_fix)
Edit the syslog.conf file and add a configuration line specifying an appropriate destination for mail.crit syslogs.