Check: GEN002760
HP-UX 11.31 STIG:
GEN002760
(in versions v1 r19 through v1 r13)
Title
The audit system must be configured to audit all administrative, privileged, and security actions. (Cat II impact)
Discussion
If the system is not configured to audit certain activities and write them to an audit log, it is more difficult to detect and track system compromises and damages incurred during a system compromise.
Check Content
Check the auditing configuration of the system. # grep -i audevent_args1 /etc/rc.config.d/auditing | grep admin # grep -i audevent_args1 /etc/rc.config.d/auditing | grep removable If no results are returned for either of these commands, this is a finding.
Fix Text
Edit /etc/rc.config.d/auditing and add -e admin and -e removable to the end of the AUDEVENT_ARGS1 parameter.
Additional Identifiers
Rule ID: SV-38481r1_rule
Vulnerability ID: V-816
Group Title: GEN002760
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000347 |
The organization employs automated mechanisms to support auditing of the enforcement actions. |
Controls
Number | Title |
---|---|
No controls are assigned to this check |