Check: AIX7-00-002036
IBM AIX 7.x STIG:
AIX7-00-002036
(in versions v3 r1 through v1 r1)
Title
AIX must provide a report generation function that supports on-demand audit review and analysis, on-demand reporting requirements, and after-the-fact investigations of security incidents. (Cat II impact)
Discussion
The report generation capability must support on-demand review and analysis in order to facilitate the organization's ability to generate incident reports, as needed, to better handle larger-scale or more complex security incidents. If the report generation capability does not support after-the-fact investigations, it is difficult to establish, correlate, and investigate the events leading up to an outage or attack, or identify those responses for one. This capability is also required to comply with applicable Federal laws and DoD policies. Report generation must be capable of generating on-demand (i.e., customizable, ad hoc, and as-needed) reports. On-demand reporting allows personnel to report issues more rapidly to more effectively meet reporting requirements. Collecting log data and aggregating it to present the data in a single, consolidated report achieves this objective. Satisfies: SRG-OS-000350-GPOS-00138, SRG-OS-000351-GPOS-00139, SRG-OS-000352-GPOS-00140
Check Content
Check to see if the application for generating audit reports exists ("/usr/sbin/auditpr"): # ls -l /usr/sbin/auditpr -r-sr-x--- 1 root audit 54793 Feb 14 2017 /usr/sbin/auditpr If the file does not exist, this is a finding.
Fix Text
Use the installp command to install a fileset (assume cd is mounted). # installp -aXYqg -d /dev/cd0 bos.rte.security
Additional Identifiers
Rule ID: SV-215254r958770_rule
Vulnerability ID: V-215254
Group Title: SRG-OS-000350-GPOS-00138
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001878 |
Provide a report generation capability that supports on-demand audit review and analysis. |
CCI-001879 |
Provide a report generation capability that supports on-demand reporting requirements. |
CCI-001880 |
Provide a report generation capability that supports after-the-fact investigations of security incidents. |
Controls
Number | Title |
---|---|
AU-7 |
Audit Reduction and Report Generation |