Navigate

Check: GEN005450

Solaris 10 X86 STIG: GEN005450 (in versions v2 r4 through v1 r17)

Title

The system must use a remote syslog server (log host). (Cat II impact)

Discussion

A syslog server (log host) receives syslog messages from one or more systems. This data can be used as an authoritative log source in the event a system is compromised and its local logs are suspect.

Check Content

Check the syslog configuration file for remote syslog servers. # grep '@' /etc/syslog.conf | grep -v '^#' If no line is returned, this is a finding.

Fix Text

Edit the syslog configuration file and add an appropriate remote syslog server.

Additional Identifiers

Rule ID: SV-227889r603266_rule

Vulnerability ID: V-227889

Group Title: SRG-OS-000215

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001348	Store audit records on an organization-defined frequency in a repository that is part of a physically different system or system component than the system or component being audited.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
AU-9(2)	Store on Separate Physical Systems or Components