STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The system must log successful and unsuccessful access to the root account.

DISA Rule

SV-227606r603266_rule

Vulnerability Number

V-227606

Group Title

SRG-OS-000062

Rule Version

GEN001060

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Update /etc/default/su and set SYSLOG=YES.

Ensure /etc/syslog.conf is configured to log auth.crit messages to capture all failed su attempts.

Check Contents

Check the following log files to determine if access to the root account is being logged. Try to su - and enter an incorrect password.
# more /var/adm/sulog
If root login accounts are not being logged, this is a finding.

Vulnerability Number

V-227606

Documentable

False

Rule Version

GEN001060

Severity Override Guidance

Check the following log files to determine if access to the root account is being logged. Try to su - and enter an incorrect password.
# more /var/adm/sulog
If root login accounts are not being logged, this is a finding.

Check Content Reference

M

Target Key

4061

Comments