The audit system must maintain a central audit trail for all zones.

From Solaris 11 SPARC Security Technical Implementation Guide

Part of SRG-OS-999999

Associated with: CCI-000366

SV-60711r1_rule The audit system must maintain a central audit trail for all zones.

Vulnerability discussion

Centralized auditing simplifies the investigative process to determine the cause of a security event.

Check content

This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. List the non-global zones on the system. # zoneadm list -vi | grep -v global The Audit Configuration profile is required. Determine whether the "perzone" auditing policy is in effect. # pfexec auditconfig -getpolicy | grep active | grep perzone If output is returned, this is a finding.

Fix text

This check applies to the global zone only. Determine the zone that you are currently securing. # zonename If the command output is "global", this check applies. List the non-global zones on the system. # zoneadm list -vi | grep -v global The Audit Configuration profile is required. Disable the "perzone" auditing policy. # pfexec auditconfig -setpolicy -perzone

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer