The Sun Ray server logs are more permissive than 640.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16158 | SUN0250 | SV-17147r1_rule | ECAN-1 ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| The Sun Ray server logs should be appropriately secured, having file permissions that restrict unauthorized changes or viewing. Unauthorized users accessing the audit logs may delete, modify, or change data within the logs for malicious purposes. Any alternation in the audit logs will not give the system administrator an accurate history of the events that occurred. |
| STIG | Date |
|---|---|
| Sun Ray 4 STIG | 2015-04-02 |
Details
| Check Text ( C-17195r1_chk ) |
|---|
| On the Sun Ray server perform the following: # ls -al /var/opt/SUNWut/log | less Log files that should be 640: admin_log auth_log utmountd.log utstoraged.log messages utwebadmin.log If any of the audit log file permissions are greater than 640, this is a finding. If the audit logs are on an external syslog server, ensure permissions are 640. If they are not, this is a finding. |
| Fix Text (F-16263r1_fix) |
|---|
| Configure the Sun Ray server logs permissions to 640. |