Title

The Sun Ray server logs are more permissive than 640. (Cat II impact)

Discussion

The Sun Ray server logs should be appropriately secured, having file permissions that restrict unauthorized changes or viewing. Unauthorized users accessing the audit logs may delete, modify, or change data within the logs for malicious purposes. Any alternation in the audit logs will not give the system administrator an accurate history of the events that occurred.

Check Content

On the Sun Ray server perform the following: # ls -al /var/opt/SUNWut/log | less Log files that should be 640: admin_log auth_log utmountd.log utstoraged.log messages utwebadmin.log If any of the audit log file permissions are greater than 640, this is a finding. If the audit logs are on an external syslog server, ensure permissions are 640. If they are not, this is a finding.

Fix Text

Configure the Sun Ray server logs permissions to 640.

Additional Identifiers

Rule ID:

Vulnerability ID: V-16158

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.