STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version: 2, Release: 2, Benchmark Date: 23 Apr 2021

AIX must implement a remote syslog server that is documented using site-defined procedures.

DISA Rule

SV-215312r508663_rule

Vulnerability Number

V-215312

Group Title

SRG-OS-000480-GPOS-00227

Rule Version

AIX7-00-002131

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the /etc/syslog.conf file to include a documented and approved remote log host.

Check Contents

Examine the "syslog.conf" file for any references to remote log hosts using command:

# grep -v "^#" /etc/syslog.conf | grep '@'
@<loghost>

Ask the ISSO/SA for a list of valid remote syslog servers that are justified and documented using site-defined procedures.

Destination locations beginning with "@" represent log hosts. If the log host name is a local alias, such as loghost, consult "/etc/hosts" or other name databases as necessary to obtain the canonical name or address for the log host. Determine if the host referenced is a syslog host documented using site-defined procedures.

If a loghost is not defined, not documented, or is commented out, this is a finding.
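
The check above can be scripted. The following is an added example, not part of the STIG text or of STIGQter: it extracts the active "@" destinations, resolves aliases through a hosts-format file, and compares the result with an approved list. The approved-list file (one canonical host name per line), the function names and the three-argument interface are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit syslog.conf remote log hosts against an approved list.

# Print each remote log host (a destination field starting with "@") found on
# non-comment lines of the given syslog.conf, one per line, de-duplicated.
remote_loghosts() {
    awk '!/^[ \t]*#/ { for (i = 2; i <= NF; i++)
             if ($i ~ /^@./) print substr($i, 2) }' "$1" | sort -u
}

# Map an alias to the first name on its line in a hosts-format file (the
# canonical name); a name not listed there is printed unchanged.
canonical_name() {
    awk -v h="$1" '{ sub(/#.*/, "")
             for (i = 2; i <= NF; i++)
                 if ($i == h) { print $2; found = 1; exit } }
         END { if (!found) print h }' "$2"
}

# Return 0 when at least one remote log host is active and every one is in
# the approved list; otherwise print a FINDING line and return 1.
check_loghosts() {   # args: syslog.conf, hosts file, approved-list file
    hosts=$(remote_loghosts "$1")
    if [ -z "$hosts" ]; then
        echo "FINDING: no active remote log host in $1"; return 1
    fi
    rc=0
    for h in $hosts; do
        c=$(canonical_name "$h" "$2")
        if ! grep -qxF -- "$c" "$3"; then
            echo "FINDING: $h ($c) is not a documented log host"; rc=1
        fi
    done
    return $rc
}

# Constructed sample data (not from a real system).
demo=$(mktemp -d)
printf '%s\n' '# *.debug @oldhost' '*.info /var/adm/messages' \
    'auth.notice @loghost' > "$demo/syslog.conf"
printf '%s\n' '127.0.0.1 localhost' \
    '192.0.2.10 syslog1.example.com loghost  # collector' > "$demo/hosts"
printf '%s\n' 'syslog1.example.com' > "$demo/approved"
check_loghosts "$demo/syslog.conf" "$demo/hosts" "$demo/approved" && echo "PASS"
```

On a live system the arguments would be /etc/syslog.conf, /etc/hosts and the site's documented list of log hosts.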

Documentable

False

Check Content Reference

M

Target Key

4012
