An error occurred:

Check: SOL-11.1-010410

Solaris 11 SPARC STIG: SOL-11.1-010410 (in versions v3 r2 through v1 r10)

Title

The operating system must configure auditing to reduce the likelihood of storage capacity being exceeded. (Cat I impact)

Discussion

Overflowing the audit storage area can result in a denial of service or system outage.

Check Content

The Audit Configuration profile is required. This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. Check the status of the audit system. It must be auditing. # pfexec auditconfig -getplugin If the output of this command does not contain: p_fsize=4M this is a finding.

Fix Text

The Audit Control profile is required. This action applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this action applies. Set the size of a binary audit file to a specific size. The size is specified in megabytes. # pfexec auditconfig -setplugin audit_binfile p_fsize=4M Restart the audit system. # pfexec audit -s

Additional Identifiers

Rule ID: SV-219968r958752_rule

Vulnerability ID: V-219968

Group Title: SRG-OS-000341

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001849

Allocate audit log storage capacity to accommodate organization-defined audit log retention requirements.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-4

Audit Storage Capacity