STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The system's access control program must log each system access attempt.

DISA Rule

SV-227048r603265_rule

Vulnerability Number

V-227048

Group Title

SRG-OS-000470

Rule Version

GEN006600

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

Configure the access restriction program to log every access attempt. Ensure the implementation instructions for TCP_WRAPPERS are followed, so system access attempts are logged into the system log files. If an alternate application is used, it must support this function.

Check Contents

Normally, TCPD logs to the mail facility in /etc/syslog.conf. Determine if syslog is configured to log events by TCPD.

Procedure:
# more /etc/syslog.conf

Look for entries similar to the following:
mail.debug /var/adm/maillog
mail.none /var/adm/maillog
mail.* /var/log/mail
auth.info /var/log/messages

The above entries would indicate mail alerts are being logged. If no entries for mail exist, then TCPD is not logging and this is a finding.

Vulnerability Number

V-227048

Documentable

False

Rule Version

GEN006600

Severity Override Guidance

Normally, TCPD logs to the mail facility in /etc/syslog.conf. Determine if syslog is configured to log events by TCPD.

Procedure:
# more /etc/syslog.conf

Look for entries similar to the following:
mail.debug /var/adm/maillog
mail.none /var/adm/maillog
mail.* /var/log/mail
auth.info /var/log/messages

The above entries would indicate mail alerts are being logged. If no entries for mail exist, then TCPD is not logging and this is a finding.

Check Content Reference

M

Target Key

4060

Comments