Check: 2.007
Windows 2003 MS STIG:
2.007
(in version v6 r37)
Title
File-auditing configuration does not meet minimum requirements. (Cat II impact)
Discussion
Improper modification of the core system files can render a system inoperable. Further, modifications to these system files can have a significant impact on the security configuration of the system. Auditing of significant modifications made to the system files provides a method of determining the responsible party.
Check Content
If system-level auditing is not enabled, or if the system and data partitions are not installed on NTFS partitions, then mark this as a finding. Open Windows Explorer and use the file and folder properties function to verify that the audit settings on each partition/drive is configured to audit all "failures" for the "Everyone" group. If any partition/drive is not configured to at least the minimum requirement, then this is a finding.
Fix Text
Configure auditing on each partition/drive to audit all "Failures" for the "Everyone" group.
Additional Identifiers
Rule ID: SV-29472r1_rule
Vulnerability ID: V-1080
Group Title:
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000172 |
Generate audit records for the event types defined in AU-2 c that include the audit record content defined in AU-3. |
| CCI-001814 |
The Information system supports auditing of the enforcement actions. |