Check: SUN0260
Sun Ray 4 STIG:
SUN0260
(in version v1 r2)
Title
The Sun Ray audit logs are not retained for a minimum of one year. (Cat II impact)
Discussion
Storing log files for at least a year provides a way to recover these files in case an investigation is necessary. Typically these files are stored offline on tape media or external networks. Log files enable the enforcement of individual accountability by creating a reconstruction of events. They also assist in problem identification that may lead to problem resolution. If these log files are not retained, there is no way to trace or reconstruct the events, and if it was discovered the network was hacked, there would be no way to trace the full extent of the compromise. The Sun Ray audit logs should be appropriately backed-up and stored in order for them to be examined at a future time. If audit logs are unavailable to be viewed at a later time, system compromises and/or attacks will not be traceable. Therefore, Sun Ray audit logs will retained for a minimum of 1 year.
Check Content
Ask the IAO/SA where the Sun Ray system audit logs are stored. If they are offsite, review the process to move them to the alternative site. Verify that the audit data is retained for a minimum of one year by reviewing the dates of the oldest backup files or media. Audit data that should be retained include the following files on the Sun Ray server: (These files maybe at a different location for a remote syslog server.) /var/opt/SUNWut/log/admin_log /var/opt/SUNWut/log/auth_log /var/opt/SUNWut/log/utmountd.log /var/opt/SUNWut/log/utstoraged.log /var/opt/SUNWut/log/messages /var/opt/SUNWut/log/utwebadmin.log
Fix Text
Retain all audit data for a minimum of one year.
Additional Identifiers
Rule ID:
Vulnerability ID: V-16159
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |