Check: AIX7-00-002057
IBM AIX 7.x STIG:
AIX7-00-002057
(in versions v3 r1 through v1 r1)
Title
AIX audit logs must be rotated daily. (Cat II impact)
Discussion
Rotate audit logs daily to preserve audit file system space and to conform to the DoD/DISA requirement. If it is not rotated daily and moved to another location, then there is more of a chance for the compromise of audit data by malicious users.
Check Content
Check for any "crontab" entries that rotate audit logs: # crontab -l 30 23 * * * /root/logrotate.sh #Daily log rotation script If such a cron job is found, this is not a finding. Otherwise, query the SA. If there is a process automatically rotating audit logs, this is not a finding. If the SA manually rotates audit logs, this is a finding. If the audit output is not archived daily, to tape or disk, this is a finding. Review the audit log directory. If more than one file is there, or if the file does not have today's date, this is a finding.
Fix Text
Configure a cron job or other automated process to rotate the audit logs on a daily basis.
Additional Identifiers
Rule ID: SV-215256r991589_rule
Vulnerability ID: V-215256
Group Title: SRG-OS-000480-GPOS-00227
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
Implement the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |