Check: GEN002719
Solaris 9 X86 STIG:
GEN002719
(in version v1 r9)
Title
The audit system must alert the SA in the event of an audit processing failure. (Cat III impact)
Discussion
An accurate and current audit trail is essential for maintaining a record of system activity. If the system fails, the SA must be notified and must take prompt action to correct the problem. Minimally, the system must log this event and the SA will receive this notification during the daily system log review. If feasible, active alerting (such as email or paging) should be employed consistent with the site’s established operations management systems and procedures.
Check Content
Verify the presence of an audit_warn entry in /etc/mail/aliases. # grep audit_warn /etc/mail/aliases If there is no audit_warn entry in /etc/mail/aliases, this is a finding.
Fix Text
Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s). # vi /etc/mail/aliases Put the updated aliases file into service. # newaliases
Additional Identifiers
Rule ID: SV-40562r1_rule
Vulnerability ID: V-22374
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000139 |
The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure. |
Controls
Number | Title |
---|---|
AU-5 |
Response To Audit Processing Failures |