STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021:

The audit system must alert the SA when the audit storage volume approaches its capacity.

DISA Rule

SV-227726r603266_rule

Vulnerability Number

V-227726

Group Title

SRG-OS-000343

Rule Version

GEN002730

Severity

CAT II

CCI(s)

• CCI-001855 - The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity.

Weight

10

Fix Recommendation

If necessary, add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s).

# vi /etc/mail/aliases

Put the updated aliases file into service.

# newaliases

If necessary, add or update the minfree: parameter in /etc/security/audit_control.

# vi /etc/security/audit_control

Ensure the minfree value is greater than zero and less than 100.

Check Contents

Verify the presence of an audit_warn entry in /etc/mail/aliases.

# grep audit_warn /etc/mail/aliases

If there is no audit_warn entry in /etc/mail/aliases, this is a finding.

Verify the minfree parameter in /etc/security/audit_control.

# egrep '^minfree:' /etc/security/audit_control

If the minfree parameter is set to zero or not set at all, this is a finding.

Vulnerability Number

V-227726

Documentable

False

Rule Version

GEN002730

Severity Override Guidance

Verify the presence of an audit_warn entry in /etc/mail/aliases.

# grep audit_warn /etc/mail/aliases

If there is no audit_warn entry in /etc/mail/aliases, this is a finding.

Verify the minfree parameter in /etc/security/audit_control.

# egrep '^minfree:' /etc/security/audit_control

If the minfree parameter is set to zero or not set at all, this is a finding.

Check Content Reference

M

Target Key

4061

Comments