Check: GEN002860
HP-UX 11.23 STIG:
GEN002860
(in version v1 r8)
Title
Audit logs must be rotated daily. (Cat II impact)
Discussion
Rotate audit logs daily to preserve audit file system space and to conform to the DoD requirement. If it is not rotated daily and moved to another location, then there is more of a chance for the compromise of audit data by malicious users.
Check Content
Check for a crontab entry that rotates audit logs. # crontab -l If any cron job to rotate audit logs is found, this is not a finding. Otherwise, query the SA. If there is a process that automatically rotates audit logs, this is not a finding. If the SA manually rotates audit logs, this is still a finding, because if the SA is not there, it will not be accomplished. If the audit output is not archived daily, to tape or disk, this is a finding. This can be ascertained by looking at the audit log directory and, if more than one file is there, or if the file does not have today's date, this is a finding.
Fix Text
Configure a cron job or other automated process to rotate the audit logs on a daily basis.
Additional Identifiers
Rule ID: SV-38427r1_rule
Vulnerability ID: V-4357
Group Title: GEN002860
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |