An error occurred:

Check: GEN004460

HP-UX 11.31 STIG: GEN004460 (in versions v1 r19 through v1 r13)

Title

The system syslog service must log informational and more severe SMTP service messages. (Cat II impact)

Discussion

If informational and more severe SMTP service messages are not logged, malicious activity on the system may go unnoticed.

Check Content

The syslog.conf file critical mail logging option line will typically appear as one of the following examples: mail.crit /var/adm/messages mail.* /var/adm/messages *.* /var/adm/messages *.crit /var/adm/messages Check the syslog configuration file for mail.crit logging configuration. # cat /etc/syslog.conf | tr '\011' ' ' | tr -s ' ' | sed -e 's/^[ \t]*//' | grep -v "^#" | egrep -i "mail.crit|mail.\*|\*.crit|\*.\*" If syslog is not configured to log critical sendmail messages, this is a finding.

Fix Text

Edit the syslog.conf file and add a configuration line specifying an appropriate destination for critical "mail" syslogs, for example: mail.crit /var/adm/messages mail.* /var/adm/messages *.* /var/adm/messages *.crit /var/adm/messages

Additional Identifiers

Rule ID: SV-35051r1_rule

Vulnerability ID: V-836

Group Title: GEN004460

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000126

The organization determines that the organization-defined subset of the auditable events defined in AU-2 are to be audited within the information system.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-2

Audit Events