The system syslog service must log informational and more severe SMTP service messages.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-836	GEN004460	SV-41546r1_rule	ECAR-2 ECAR-1 ECAR-3 ECSC-1	Medium

Description
If informational and more severe SMTP service messages are not logged, malicious activity on the system may go unnoticed.

STIG	Date
SOLARIS 9 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE	2015-10-01

Details

Check Text ( C-40028r1_chk )
Check the syslog configuration file for mail.crit logging configuration. Procedure: # more /etc/syslog.conf Verify a line similar to one of the following lines is present in syslog.conf is configured so that critical mail log data is logged. (Critical log data may also be captured by a remote log host in accordance with GEN005460.) mail.crit /var/adm/messages *.crit /var/log/messages Less severe syslog levels (err, warning, info, and debug) may be substituted for crit, since they will also capture crit level syslog messages. If syslog is not configured to log critical Sendmail messages, this is a finding.

Check Text ( C-40028r1_chk )

Check the syslog configuration file for mail.crit logging configuration.

Procedure:
# more /etc/syslog.conf

Verify a line similar to one of the following lines is present in syslog.conf is configured so that critical mail log data is logged. (Critical log data may also be captured by a remote log host in accordance with GEN005460.)

mail.crit /var/adm/messages
*.crit /var/log/messages

Less severe syslog levels (err, warning, info, and debug) may be substituted for crit, since they will also capture crit level syslog messages. If syslog is not configured to log critical Sendmail messages, this is a finding.

Fix Text (F-990r2_fix)
Edit the syslog.conf file and add a configuration line specifying an appropriate destination for mail.crit syslogs.