STIGQter: STIG Summary: Solaris 10 SPARC Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

Auditing must be implemented.

DISA Rule

SV-226589r603265_rule

Vulnerability Number

V-226589

Group Title

SRG-OS-000062

Rule Version

GEN002660

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Use /etc/security/bsmconv to enable auditing on the system.

Check Contents

Determine the type of zone that you are currently securing.

# zonename

If the output of "zonename" is "global", then auditing must be enabled.

Determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.
If the output of "zonename" is not "global", then the "perzone" policy must be determined.

# auditconfig --getpolicy
audit policies = cnt,perzone

If "perzone" is not listed then this requirement is not applicable. If "perzone" is listed then determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.

Vulnerability Number

V-226589

Documentable

False

Rule Version

GEN002660

Severity Override Guidance

Determine the type of zone that you are currently securing.

# zonename

If the output of "zonename" is "global", then auditing must be enabled.

Determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.
If the output of "zonename" is not "global", then the "perzone" policy must be determined.

# auditconfig --getpolicy
audit policies = cnt,perzone

If "perzone" is not listed then this requirement is not applicable. If "perzone" is listed then determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.

Check Content Reference

M

Target Key

4060

Comments