Check: GEN002660
HP-UX 11.31 STIG:
GEN002660
(in versions v1 r19 through v1 r13)
Title
Auditing must be implemented. (Cat II impact)
Discussion
Without auditing, individual system accesses cannot be tracked and malicious activity cannot be detected and traced back to an individual account.
Check Content
Determine if auditing is enabled. # audsys If the audit service is not running, this is a finding.
Fix Text
Turn on the auditing system. The system will use existing current and next audit trails (if configured). # audsys -n Alternatively, use the HP SMH to configure and enable auditing on the system.
Additional Identifiers
Rule ID: SV-38476r1_rule
Vulnerability ID: V-811
Group Title: GEN002660
Expert Comments
Expert comments are only available to logged-in users.
CCIs
CCIs tied to check.
| Number | Definition |
|---|---|
| CCI-000169 |
The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components. |
Controls
Controls tied to check. These are derived from the CCIs shown above.
| Number | Title |
|---|---|
| AU-12 |
Audit Generation |