Check: GEN003800
SUSE Linux Enterprise Server v11 for System z STIG:
GEN003800
(in versions v1 r12 through v1 r9)
Title
Inetd or xinetd logging/tracing must be enabled. (Cat III impact)
Discussion
Inetd or xinetd logging and tracing allows the system administrators to observe the IP addresses connecting to their machines and what network services are being sought. This provides valuable information when trying to find the source of malicious users and potential malicious users.
Check Content
The /etc/xinetd.conf file and each file in the /etc/xinetd.d directory file should be examined for the following: Procedure: log_type = SYSLOG authpriv log_on_success = HOST PID USERID EXIT log_on_failure = HOST USERID If xinetd is running and logging is not enabled, this is a finding.
Fix Text
Edit each file in the /etc/xinetd.d directory and the /etc/xinetd.conf file to contain: log_type = SYSLOG authpriv log_on_success = HOST PID USERID EXIT log_on_failure = HOST USERID The /etc/xinetd.conf file contains default values that will hold true for all services unless individually modified in the service's xinetd.d file.
Additional Identifiers
Rule ID: SV-45783r1_rule
Vulnerability ID: V-1011
Group Title: GEN003800
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000134 |
The information system generates audit records containing information that establishes the outcome of the event. |
Controls
| Number | Title |
|---|---|
| AU-3 |
Content Of Audit Records |