STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Successful and unsuccessful logins and logouts must be logged.

DISA Rule

SV-227577r603266_rule

Vulnerability Number

V-227577

Group Title

SRG-OS-000470

Rule Version

GEN000440

Severity

CAT II

CCI(s)

• CCI-000172 - The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3.

Weight

10

Fix Recommendation

Verify that login logs are handled correctly in the /etc/syslog.conf file. Edit the /etc/syslog.conf file and add one of the entries below.

auth.debug /var/log/authlog
OR
auth.* /var/log/authlog

Verify that service startup scripts for syslog and utmp (if present) are enabled.

Check Contents

Determine if successful logons are being logged.
# last | more

Determine if unsuccessful logons are being logged.
# more /var/adm/loginlog

If the commands do not return successful and unsuccessful logins, this is a finding.

Check the syslog daemon configuration for authentication logging.
# egrep "auth\.(info|debug)" /etc/syslog.conf
If there are no entries in syslog for the auth service, this is a finding.

Vulnerability Number

V-227577

Documentable

False

Rule Version

GEN000440

Severity Override Guidance

Determine if successful logons are being logged.
# last | more

Determine if unsuccessful logons are being logged.
# more /var/adm/loginlog

If the commands do not return successful and unsuccessful logins, this is a finding.

Check the syslog daemon configuration for authentication logging.
# egrep "auth\.(info|debug)" /etc/syslog.conf
If there are no entries in syslog for the auth service, this is a finding.

Check Content Reference

M

Target Key

4061

Comments