UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must only use remote syslog servers (log hosts) justified and documented using site-defined procedures.


Overview

Finding ID Version Rule ID IA Controls Severity
V-4395 GEN005460 SV-4395r2_rule ECSC-1 Medium
Description
If a remote log host is in use and it has not been justified and documented with the IAO, sensitive information could be obtained by unauthorized users without the SA's knowledge. A remote log host is any host to which the system is sending syslog messages over a network.
STIG Date
Solaris 9 X86 Security Technical Implementation Guide 2012-05-25

Details

Check Text ( C-8274r2_chk )
Examine the syslog.conf file for any references to remote log hosts.
# grep -v "^#" /etc/syslog.conf | grep '@'
Destination locations beginning with an @ represent log hosts. If the log host name is a local alias, such as log host, consult the /etc/hosts or other name databases as necessary to obtain the canonical name or address for the log host. Determine if the host referenced is a log host documented using site-defined procedures. If an undocumented log host is referenced, this is a finding.
Fix Text (F-4306r3_fix)
Remove, replace, or document the referenced undocumented log host.