Check: SOL-11.1-010420
Solaris 11 SPARC STIG: SOL-11.1-010420 (in versions v2 r10 through v1 r15)
Title
The operating system must shut down by default upon audit failure (unless availability is an overriding concern). (Cat II impact)
Discussion
Continuing to operate a system when auditing is not working properly can result in undocumented access or system changes.
Check Content
The Audit Configuration profile is required.

This check applies to the global zone only. Determine the zone that you are currently securing.

    # zonename

If the command output is "global", this check applies.

    # pfexec auditconfig -getpolicy | grep ahlt

If the output does not include "ahlt" as an active audit policy, this is a finding.

    # pfexec auditconfig -getpolicy | grep active | grep cnt

If the output includes "cnt" as an active audit policy, this is a finding.
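The check above, scripted as an added example (not part of the STIG text): it parses `auditconfig -getpolicy` output and reports a finding if `ahlt` is missing from, or `cnt` is present in, the active policy line. The function names and sample outputs are constructed, and the `active audit policies = ...` line format is an assumption about the command's output.

```shell
#!/bin/sh
# Added example: evaluate SOL-11.1-010420 from `auditconfig -getpolicy` output.
# Assumption: the active policies appear on a line of the form
#   active audit policies = <comma-separated list>

# active_policies TEXT: print the active policy names, one per line.
active_policies() {
    printf '%s\n' "$1" |
        sed -n 's/^active audit policies *= *//p' |
        tr ',' '\n' | tr -d ' \t'
}

# check_audit_failure_policy ZONE TEXT
# Prints NOT_APPLICABLE, PASS, or FINDING:<reason>; returns 1 on a finding.
check_audit_failure_policy() {
    zone=$1
    policies=$(active_policies "$2")
    if [ "$zone" != "global" ]; then
        echo "NOT_APPLICABLE"; return 0
    fi
    if [ -z "$policies" ]; then
        echo "FINDING:no active policy line"; return 1
    fi
    # Match whole policy names, and only on the active line.
    if ! printf '%s\n' "$policies" | grep -qx 'ahlt'; then
        echo "FINDING:ahlt not active"; return 1
    fi
    if printf '%s\n' "$policies" | grep -qx 'cnt'; then
        echo "FINDING:cnt active"; return 1
    fi
    echo "PASS"
}

# Constructed sample outputs (not captured from a real system).
SAMPLE_GOOD='configured audit policies = ahlt,argv
active audit policies = ahlt,argv'
SAMPLE_DEFAULT='configured audit policies = cnt
active audit policies = cnt'
SAMPLE_BOTH='configured audit policies = ahlt,cnt
active audit policies = ahlt,cnt'
SAMPLE_CONFIGURED_ONLY='configured audit policies = ahlt
active audit policies = argv'

# On a live system (global zone, Audit Configuration profile):
#   check_audit_failure_policy "$(zonename)" "$(pfexec auditconfig -getpolicy)"
for s in "$SAMPLE_GOOD" "$SAMPLE_DEFAULT" "$SAMPLE_BOTH" "$SAMPLE_CONFIGURED_ONLY"; do
    check_audit_failure_policy global "$s" || true
done
```

The last sample shows why both tests read the active line: `ahlt` appears only under the configured policies there, so the result is a finding.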
Fix Text
The Audit Configuration profile is required.

This action applies to the global zone only. Determine the zone that you are currently securing.

    # zonename

If the command output is "global", this action applies.

Set audit policy to halt and suspend on failure.

    # pfexec auditconfig -setpolicy +ahlt
    # pfexec auditconfig -setpolicy -cnt
Additional Identifiers
Rule ID: SV-216276r603267_rule
Vulnerability ID: V-216276
Group Title: SRG-OS-000047
CCIs
Number | Definition |
---|---|
CCI-000140 | The information system takes organization-defined actions upon audit failure (e.g., shut down information system, overwrite oldest audit records, stop generating audit records). |
Controls
Number | Title |
---|---|
AU-5 | Response To Audit Processing Failures |