The Sun Ray system and user logs are not reviewed weekly.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-16413	SUN0240	SV-17406r1_rule	ECAT-1 ECAT-2	Medium

Description
If a system administrator does not review Sun Ray logs weekly, there is the potential that an attack or other security issue can go unnoticed for a week or more, which is unacceptable in DoD environments.

STIG	Date
Sun Ray 4 Policy STIG	2015-04-02

Details

Check Text ( C-17296r1_chk )
Critical Sun Ray log files are the administration, authentication, automatic mounting, mass storage devices, messages, and web administration. These logs are listed below. Ask the IAO/SA if Sun Ray logs are reviewed weekly. # ls-lL /var/opt/SUNWut/log \| less admin_log auth_log utmountd.log utstoraged.log messages utwebadmin.log If these logs are being written to an external syslog server, ask the IAO/SA if these are reviewed weekly.

Check Text ( C-17296r1_chk )

Critical Sun Ray log files are the administration, authentication, automatic mounting, mass storage devices, messages, and web administration. These logs are listed below. Ask the IAO/SA if Sun Ray logs are reviewed weekly.

# ls-lL /var/opt/SUNWut/log | less

admin_log
auth_log
utmountd.log
utstoraged.log
messages
utwebadmin.log

If these logs are being written to an external syslog server, ask the IAO/SA if these are reviewed weekly.

Fix Text (F-16439r1_fix)
Review Sun Ray logs at a minimum weekly.