Check: GEN000000-HPUX0040
HP-UX 11.23 STIG: GEN000000-HPUX0040 (in version v1 r8)
Title
The HP-UX AUDOMON_ARGS attribute must be explicitly initialized. (Cat II impact)
Discussion
The minimal set of auditing requirements necessary to collect useful forensics data and provide user help when violations are detected must be configured.
Check Content
Check the AUDOMON_ARGS setting in the /etc/rc.config.d/auditing file:

# cat /etc/rc.config.d/auditing | tr "\011" " " | tr -s " " | sed -e 's/^[ \t]*//' | grep -v "#"

The above command should return a single line with the following information:

AUDOMON_ARGS="-p 20, -t 1, -w 90"

If the "p", "t", or "w" flags are not set to "20", "1", and "90", respectively, this is a finding.
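Added example, not part of the STIG text: a POSIX shell function that performs this check by parsing the individual flag values rather than comparing the whole string, so flag order and the commas in the expected line do not affect the result. The function names check_audomon_args and audomon_flag are illustrative; the file path and required values are the ones stated in the check.

```shell
#!/bin/sh
# Added example: verify AUDOMON_ARGS in an HP-UX auditing config file.
# Required values come from the check text: -p 20, -t 1, -w 90.

# Print the value that follows flag $2 (e.g. "p") in argument string $1.
audomon_flag() {
    # Commas are treated as separators, matching the expected line in the check.
    printf '%s\n' "$1" | tr ',' ' ' | awk -v f="-$2" '
        { for (i = 1; i < NF; i++) if ($i == f) { print $(i + 1); exit } }'
}

# Return 0 if file $1 (default: the path named in the check) is compliant,
# 1 on a finding. The reason for a finding is written to stderr.
check_audomon_args() {
    file=${1:-/etc/rc.config.d/auditing}
    [ -r "$file" ] || { echo "finding: cannot read $file" >&2; return 1; }

    # Keep only active assignments; commented-out lines start with '#'
    # once leading whitespace is stripped, so they never match.
    lines=$(sed -e 's/^[[:space:]]*//' "$file" | awk '/^AUDOMON_ARGS=/')
    count=$(printf '%s\n' "$lines" | awk '/^AUDOMON_ARGS=/ { n++ } END { print n + 0 }')
    if [ "$count" -ne 1 ]; then
        echo "finding: expected 1 AUDOMON_ARGS line, found $count" >&2
        return 1
    fi

    # Strip the variable name and the surrounding double quotes.
    args=$(printf '%s\n' "$lines" | sed -e 's/^AUDOMON_ARGS=//' -e 's/"//g')

    for pair in p:20 t:1 w:90; do
        flag=${pair%%:*}
        want=${pair##*:}
        got=$(audomon_flag "$args" "$flag")
        if [ "$got" != "$want" ]; then
            echo "finding: -$flag is '${got:-unset}', required $want" >&2
            return 1
        fi
    done
    return 0
}
```

Call check_audomon_args with no argument on the target host to test /etc/rc.config.d/auditing; a non-zero exit status is a finding.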
Fix Text
Edit the /etc/rc.config.d/auditing file and insert the following line:

AUDOMON_ARGS="-p 20, -t 1, -w 90"

Restart auditing:

# /sbin/init.d/auditing stop
# /sbin/init.d/auditing start
Additional Identifiers
Rule ID: SV-38429r2_rule
Vulnerability ID: V-4290
Group Title: GEN000000-HPUX0040
CCIs
Number | Definition |
---|---|
CCI-000126 | Specify the organization-defined event types (subset of the event types defined in AU-2a) along with the frequency of (or situation requiring) logging for each identified event type. |
Controls
Number | Title |
---|---|
AU-2 | Audit Events |