Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-941 | GEN006600 | SV-941r2_rule | ECAR-1 ECAR-2 ECAR-3 | Medium |
Description |
---|
If access attempts are not logged, then multiple attempts to log on to the system by an unauthorized user may go undetected. |
STIG | Date |
---|---|
UNIX SRG | 2013-03-26 |
Check Text ( C-888r2_chk ) |
---|
Normally, TCPD logs to the mail facility in /etc/syslog.conf. Determine if syslog is configured to log events by TCPD. Procedure: # more /etc/syslog.conf Look for entries similar to the following: mail.debug /var/adm/maillog mail.none /var/adm/maillog mail.* /var/log/mail auth.info /var/log/messages The above entries would indicate mail alerts are being logged. If no entries for mail exist, then TCPD is not logging and this is a finding. |
Fix Text (F-1095r2_fix) |
---|
Configure the access restriction program to log every access attempt. Ensure the implementation instructions for TCP_WRAPPERS are followed, so system access attempts are logged into the system log files. If an alternate application is used, it must support this function. |