
The system's access control program must log each system access attempt.


Overview

Finding ID: V-941
Version: GEN006600
Rule ID: SV-941r2_rule
IA Controls: ECAR-2, ECAR-3, ECAR-1
Severity: Medium
Description
If access attempts are not logged, then multiple attempts to log on to the system by an unauthorized user may go undetected.
STIG: SOLARIS 9 X86 SECURITY TECHNICAL IMPLEMENTATION GUIDE
Date: 2015-10-01

Details

Check Text ( C-888r2_chk )
Normally, TCPD logs to the mail facility in /etc/syslog.conf. Determine if syslog is configured to log events by TCPD.

Procedure:
# more /etc/syslog.conf

Look for entries similar to the following:
mail.debug /var/adm/maillog
mail.none /var/adm/maillog
mail.* /var/log/mail
auth.info /var/log/messages

The above entries would indicate mail alerts are being logged. If no entries for mail exist, then TCPD is not logging and this is a finding.

Fix Text (F-1095r2_fix)
Configure the access restriction program to log every access attempt. Ensure the implementation instructions for TCP_WRAPPERS are followed, so system access attempts are logged into the system log files. If an alternate application is used, it must support this function.
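
The check procedure above, as an added shell example that is not part of the STIG text: it lists the active /etc/syslog.conf lines whose selector covers the mail facility and reports PASS or FINDING. The function names and the sample file are assumptions; the script counts a `none` level as excluding the facility, as syslog.conf defines it, so it is stricter than looking for any line that mentions mail.

```shell
#!/bin/sh
# Added example (not STIG text): audit a syslog.conf for active selectors
# that send the mail facility to a log target.

# Print each active line whose selector covers "mail" (or "*") at a level
# other than "none". Later selectors on a line override earlier ones, so
# "*.err;mail.none" does not count.
mail_selectors() {
    awk '
    /^[ \t]*#/ || NF < 2 { next }
    {
        hit = 0
        n = split($1, sel, ";")
        for (i = 1; i <= n; i++) {
            dot = index(sel[i], ".")
            if (dot == 0) continue
            lvl = substr(sel[i], dot + 1)
            m = split(substr(sel[i], 1, dot - 1), fac, ",")
            for (j = 1; j <= m; j++)
                if (fac[j] == "mail" || fac[j] == "*")
                    hit = (lvl != "none")
        }
        if (hit) print
    }' "$1"
}

# Echo PASS when at least one such line exists, otherwise FINDING.
check_tcpd_logging() {
    if [ -n "$(mail_selectors "$1")" ]; then
        echo "PASS"
    else
        echo "FINDING"
    fi
}

# Constructed sample configuration, not taken from a real host.
sample=$(mktemp)
printf '%s\t%s\n' \
    '#mail.debug' '/var/adm/maillog' \
    '*.err;mail.none' '/var/adm/messages' \
    'mail.debug' '/var/adm/maillog' > "$sample"
mail_selectors "$sample"
check_tcpd_logging "$sample"
rm -f "$sample"
```

On a live system, pass /etc/syslog.conf as the argument to check_tcpd_logging.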