From SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE
Part of GEN000000-SOL00080
Associated with IA controls: ECLP-1
Associated with: CCI-000225
The Solaris audit_user file allows for selective auditing or non-auditing of features for certain users. If it is not protected, it could be compromised and used to mask audit events. This could cause the loss of valuable forensics data in the case of a system compromise.
Check /etc/security/audit_user group ownership. # ls -lL /etc/security/audit_user If /etc/security/audit_user is not group owned by root, sys, or bin, this is a finding.
Change the group owner of the audit_user file to root, bin, or sys. Example: # chgrp root /etc/security/audit_user
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer