Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-16157 | SUN0230 | SV-17146r1_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
Description |
---|
Logs form a recorded history or audit trail of the Sun Ray server system events, making it easier for system administrators to track down intermittent problems, review past events, and piece together information if an investigation is required. Without this recorded history, potential attacks and suspicious activity will go unnoticed. Logging must be comprehensive to be useful for both intrusion monitoring and security investigations. Setting logging at the severity notice should capture most relevant events without requiring unacceptable levels of data storage. The severity levels notice and debug are also available to organizations that require additional logging for certain events or applications. |
STIG | Date |
---|---|
Sun Ray 4 STIG | 2015-04-02 |
Check Text (C-17194r1_chk) |
---|
1. Verify that syslogd is running on the system. Perform the following:

   ```
   # ps -ef | grep syslogd
   ```

   If nothing is returned, this is a finding.

2. Verify /etc/syslog.conf is configured with the following entries:

   ```
   # cat /etc/syslog.conf
   User.info /var/opt/SUNWut/log/messages
   Local1.info /var/opt/SUNWut/log/admin_log
   ```

   If these two entries are missing, this is a finding.

3. The critical Sun Ray log files are administration, authentication, automatic mounting, mass storage devices, messages, and web administration. Significant activity is recorded in the following log files. Verify that these files are being written to by performing the following:

   ```
   # ls -Ll /var/opt/SUNWut/log | awk '{if ($5 ~ /^0$/) print}'
   ```

   If any of the following log files are returned, this is a finding.

   - admin_log
   - auth_log
   - utmountd.log
   - utstoraged.log
   - messages
   - utwebadmin.log

   Example of a log file with zero-byte (0) size:

   ```
   -rw-r----- 1 root utadmin 0 Jun 29 utmountd.log
   ```

   If these logs are being written to an external syslog server, review that server to ensure the logs are being recorded.
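Steps 2 and 3 of the check can be scripted as follows. This is an added example, not part of the STIG: the function names are hypothetical, the sample files are constructed in a temporary directory, and reporting an absent log file goes beyond the original one-liner, which only lists zero-byte files.

```shell
#!/bin/sh
# Added example, not part of the STIG. Paths and log names come from the check text.
REQUIRED_LOGS="admin_log auth_log utmountd.log utstoraged.log messages utwebadmin.log"

# Step 2: print each required "selector action" pair absent from syslog.conf ($1).
# Comment lines are skipped; the selector must be the exact first field and is
# compared case-insensitively, the action must be the exact second field.
missing_syslog_entries() {
    for pair in "User.info:/var/opt/SUNWut/log/messages" \
                "Local1.info:/var/opt/SUNWut/log/admin_log"; do
        sel=${pair%%:*}
        dest=${pair#*:}
        awk -v s="$sel" -v d="$dest" '
            /^[ \t]*#/ { next }
            tolower($1) == tolower(s) && $2 == d { found = 1 }
            END { exit !found }' "$1" || echo "$sel $dest"
    done
}

# Step 3: print each critical log in directory $1 that is zero bytes.
# Assumption: an absent log is reported as well, since it is not being written to.
stale_logs() {
    for f in $REQUIRED_LOGS; do
        [ -s "$1/$f" ] || echo "$f"
    done
}

# Constructed sample data: a syslog.conf lacking the Local1.info entry, and a log
# directory where utmountd.log is empty and utwebadmin.log does not exist.
demo=$(mktemp -d)
mkdir "$demo/log"
printf '# constructed sample\nuser.info\t/var/opt/SUNWut/log/messages\n' > "$demo/syslog.conf"
for f in admin_log auth_log utstoraged.log messages; do
    echo "constructed entry" > "$demo/log/$f"
done
: > "$demo/log/utmountd.log"

echo "Missing syslog.conf entries (finding if any):"
missing_syslog_entries "$demo/syslog.conf"
echo "Empty or absent critical logs (finding if any):"
stale_logs "$demo/log"
rm -rf "$demo"
```

On a Sun Ray server the functions would be called with `/etc/syslog.conf` and `/var/opt/SUNWut/log`; any output from either function corresponds to a finding.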
Fix Text (F-16262r1_fix) |
---|
Record Sun Ray server activity to log files. |