Check: GEN003160
HP-UX 11.31 STIG:
GEN003160
(in versions v1 r19 through v1 r13)
Title
Cron logging must be implemented. (Cat II impact)
Discussion
Cron logging can be used to trace the successful or unsuccessful execution of cron jobs. It can also be used to spot intrusions into the use of the cron facility by unauthorized and malicious users.
Check Content
# ls -lL /var/adm/cron/log If this file does not exist, or has a timestamp older than the last cron job, this is a finding.
Fix Text
Enable cron/logging on the system via: # /sbin/init.d/cron stop # mv <current cron log> <to a new location and new name> # /sbin/init.d/cron start # more /var/adm/cron/log Cron automatically handles its own logging function and (at least) the Start Time should be visible at the beginning of the new log file /var/adm/cron/log.
Additional Identifiers
Rule ID: SV-38549r1_rule
Vulnerability ID: V-982
Group Title: GEN003160
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000126 |
The organization determines that the organization-defined subset of the auditable events defined in AU-2 are to be audited within the information system. |
Controls
Number | Title |
---|---|
AU-2 |
Audit Events |