The system must only use remote syslog servers (log hosts) justified and documented using site-defined procedures.

From SOLARIS 10 SPARC SECURITY TECHNICAL IMPLEMENTATION GUIDE

Part of GEN005460

Associated with IA controls: ECSC-1

Associated with: CCI-000366

SV-4395r2_rule The system must only use remote syslog servers (log hosts) justified and documented using site-defined procedures.

Vulnerability discussion

If a remote log host is in use and it has not been justified and documented with the IAO, sensitive information could be obtained by unauthorized users without the SA's knowledge. A remote log host is any host to which the system is sending syslog messages over a network.

Check content

Examine the syslog.conf file for any references to remote log hosts. # grep -v "^#" /etc/syslog.conf | grep '@' Destination locations beginning with an @ represent log hosts. If the log host name is a local alias, such as log host, consult the /etc/hosts or other name databases as necessary to obtain the canonical name or address for the log host. Determine if the host referenced is a log host documented using site-defined procedures. If an undocumented log host is referenced, this is a finding.

Fix text

Remove, replace, or document the referenced undocumented log host.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer