STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The system must log successful and unsuccessful access to the root account.

DISA Rule

SV-226480r603265_rule

Vulnerability Number

V-226480

Group Title

SRG-OS-000062

Rule Version

GEN001060

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Update /etc/default/su and set SYSLOG=YES.

Ensure /etc/syslog.conf is configured to log auth.crit messages to capture all failed su attempts.

Check Contents

Check the following log files to determine if access to the root account is being logged. Try to su - and enter an incorrect password.
# more /var/adm/sulog
If root login accounts are not being logged, this is a finding.

Vulnerability Number

V-226480

Documentable

False

Rule Version

GEN001060

Severity Override Guidance

Check the following log files to determine if access to the root account is being logged. Try to su - and enter an incorrect password.
# more /var/adm/sulog
If root login accounts are not being logged, this is a finding.

Check Content Reference

M

Target Key

4060

Comments