Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-4351 | GEN000000-SOL00080 | SV-4351r2_rule | ECLP-1 | Medium |
Description |
---|
The Solaris audit_user file allows for selective auditing or non-auditing of features for certain users. If it is not protected, it could be compromised and used to mask audit events. This could cause the loss of valuable forensics data in the case of a system compromise. |
STIG | Date |
---|---|
Solaris 9 SPARC Security Technical Implementation Guide | 2013-11-04 |
Check Text ( None ) |
---|
None |
Fix Text (F-4262r2_fix) |
---|
Change the group owner of the audit_user file to root, bin, or sys. Example: # chgrp root /etc/security/audit_user |