Title

The audit system must maintain a central audit trail for all zones. (Cat III impact)

Discussion

Centralized auditing simplifies the investigative process to determine the cause of a security event.

Check Content

This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. List the non-global zones on the system. # zoneadm list -vi | grep -v global The Audit Configuration profile is required. Determine whether the "perzone" auditing policy is in effect. # pfexec auditconfig -getpolicy | grep active | grep perzone If output is returned, this is a finding.

Fix Text

This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. List the non-global zones on the system. # zoneadm list -vi | grep -v global The Audit Configuration profile is required. Disable the "perzone" auditing policy. # pfexec auditconfig -setpolicy -perzone

Additional Identifiers

Rule ID: SV-216478r959010_rule

Vulnerability ID: V-216478

Group Title: SRG-OS-000480

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.