UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Sun Ray server does not record log files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-16157 SUN0230 SV-17146r1_rule ECAR-1 ECAR-2 ECAR-3 Medium
Description
Logs form a recorded history or audit trail of the Sun Ray server system events, making it easier for system administrators to track down intermittent problems, review past events, and piece together information if an investigation is required. Without this recorded history, potential attacks and suspicious activity will go unnoticed. Logging must be comprehensive to be useful for both intrusion monitoring and security investigations. Setting logging at the severity notice should capture most relevant events without requiring unacceptable levels of data storage. The severity levels notice and debug are also available to organizations that require additional logging for certain events or applications.
STIG Date
Sun Ray 4 STIG 2015-04-02

Details

Check Text ( C-17194r1_chk )
1. Verify that syslogd is running on the system. Perform the following:
# ps –ef | grep syslogd

If nothing is returned, this is a finding.

2. Verify /etc/syslog.conf is configured with the following entries:
# cat /etc/syslog.conf
User.info /var/opt/SUNWut/log/messages
Local1.info /var/opt/SUNWut/log/admin_log

If these two entries are missing, this is a finding.

3. Critical Sun Ray log files are the administration, authentication, automatic mounting, mass storage devices, messages, and web administration. Significant activity is recorded in the following log files. Verify that these files are being written to by performing the following:

# ls -Ll /var/opt/SUNWut/log | awk ‘{if ($5 ~ /^0$/ print}’

If any of the following log files are returned this is a finding.
admin_log
auth_log
utmountd.log
utstoraged.log
messages
utwebadmin.log

Example of log file with zero byte (0) size.
(i.e. –rw-r----- 1 root utadmin 0 Jun 29 utmountd.log)

If these logs are being written to an external syslog server, review that server to ensure the logs are being recorded.
Fix Text (F-16262r1_fix)
Record Sun Ray server activity to log files.