STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 2 Release: 2 Benchmark Date: 22 Jan 2021

The system's access control program must log each system access attempt.

DISA Rule

SV-227956r603266_rule

Vulnerability Number

V-227956

Group Title

SRG-OS-000470

Rule Version

GEN006600

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the access restriction program to log every access attempt. Ensure the implementation instructions for TCP_WRAPPERS are followed, so system access attempts are logged into the system log files. If an alternate application is used, it must support this function.

Check Contents

Normally, TCPD logs to the mail facility configured in /etc/syslog.conf. Determine whether syslog is configured to log events from TCPD.

Procedure:
# more /etc/syslog.conf

Look for entries similar to the following:
mail.debug /var/adm/maillog
mail.none /var/adm/maillog
mail.* /var/log/mail
auth.info /var/log/messages

The above entries would indicate mail alerts are being logged. If no entries for mail exist, then TCPD is not logging and this is a finding.
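The check above can be scripted. The following is an added example, not part of the STIG or of STIGQter: it parses the selector field of each active syslog.conf line and reports whether the mail facility is present. The function names, the sample files and the extra REVIEW result (mail present only as mail.none, which syslog treats as excluding the facility) are assumptions that go beyond the check text.

```shell
#!/bin/sh
# Added example: script the GEN006600 check. On Solaris 10 use nawk in place of awk.

# Print active syslog.conf lines whose selector names the mail facility.
# With a second argument "strict", selectors at level "none" are skipped,
# because syslog treats facility.none as "exclude this facility".
mail_entries() {
    awk -v strict="$2" '
        /^[ \t]*#/ || NF < 2 { next }        # comments, blanks, no action field
        {
            n = split($1, sel, ";")           # selector: fac[,fac].level[;...]
            for (i = 1; i <= n; i++) {
                split(sel[i], part, "[.]")    # part[1]=facilities, part[2]=level
                if (strict == "strict" && part[2] == "none") continue
                m = split(part[1], fac, ",")
                for (j = 1; j <= m; j++)
                    if (fac[j] == "mail") { print; next }
            }
        }' "$1"
}

# FINDING: no mail entry at all (the criterion stated in the check).
# REVIEW:  mail appears only as mail.none (stricter than the check text).
check_tcpd_logging() {
    if [ -z "$(mail_entries "$1")" ]; then echo FINDING
    elif [ -z "$(mail_entries "$1" strict)" ]; then echo REVIEW
    else echo PASS
    fi
}

# Constructed sample files (real syslog.conf fields are tab-separated).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/logged.conf" <<'EOF'
*.err;kern.notice;auth.notice /dev/sysmsg
mail.debug /var/adm/maillog
auth.info /var/log/messages
EOF
cat > "$SAMPLES/missing.conf" <<'EOF'
# mail.debug /var/adm/maillog
*.err;kern.debug /var/adm/messages
EOF
cat > "$SAMPLES/none.conf" <<'EOF'
*.err;mail.none /var/adm/messages
EOF

for f in logged missing none; do
    echo "$f.conf: $(check_tcpd_logging "$SAMPLES/$f.conf")"
done
```

To audit a live system, call `check_tcpd_logging /etc/syslog.conf` instead of the sample loop.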

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4061

Comments