STIGQter STIGQter: STIG Summary: Solaris 10 X86 Security Technical Implementation Guide Version: 1 Release: 26 Benchmark Date: 24 Jan 2020: Auditing must be implemented.

DISA Rule

SV-27266r2_rule

Vulnerability Number

V-811

Group Title

GEN002660

Rule Version

GEN002660

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Use /etc/security/bsmconv to enable auditing on the system.

Check Contents

Determine the type of zone that you are currently securing.

# zonename

If the output of "zonename" is "global", then auditing must be enabled.

Determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.
If the output of "zonename" is not "global", then the "perzone" policy must be determined.

# auditconfig –getpolicy
audit policies = cnt,perzone

If "perzone" is not listed then this requirement is not applicable. If "perzone" is listed then determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.

Vulnerability Number

V-811

Documentable

False

Rule Version

GEN002660

Severity Override Guidance

Determine the type of zone that you are currently securing.

# zonename

If the output of "zonename" is "global", then auditing must be enabled.

Determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.
If the output of "zonename" is not "global", then the "perzone" policy must be determined.

# auditconfig –getpolicy
audit policies = cnt,perzone

If "perzone" is not listed then this requirement is not applicable. If "perzone" is listed then determine if auditing is enabled.

# ps -ef |grep auditd

If the auditd process is not found, this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

25

Comments