The Sun Ray server does not record log files.

From Sun Ray 4 STIG

Part of Sun Ray Server does not record log files.

Associated with IA controls: ECAR-3, ECAR-2, ECAR-1

SV-17146r1_rule The Sun Ray server does not record log files.

Vulnerability discussion

Logs form a recorded history or audit trail of the Sun Ray server system events, making it easier for system administrators to track down intermittent problems, review past events, and piece together information if an investigation is required. Without this recorded history, potential attacks and suspicious activity will go unnoticed. Logging must be comprehensive to be useful for both intrusion monitoring and security investigations. Setting logging at the severity notice should capture most relevant events without requiring unacceptable levels of data storage. The severity levels notice and debug are also available to organizations that require additional logging for certain events or applications.

Check content

1. Verify that syslogd is running on the system. Perform the following:

    # ps -ef | grep syslogd

If nothing is returned, this is a finding.

2. Verify /etc/syslog.conf is configured with the following entries:

    # cat /etc/syslog.conf
    User.info /var/opt/SUNWut/log/messages
    Local1.info /var/opt/SUNWut/log/admin_log

If these two entries are missing, this is a finding.

3. Critical Sun Ray log files are the administration, authentication, automatic mounting, mass storage devices, messages, and web administration logs. Significant activity is recorded in the following log files. Verify that these files are being written to by performing the following:

    # ls -Ll /var/opt/SUNWut/log | awk '{if ($5 ~ /^0$/) print}'

If any of the following log files are returned, this is a finding.

admin_log
auth_log
utmountd.log
utstoraged.log
messages
utwebadmin.log

Example of a log file with zero-byte (0) size:

    -rw-r----- 1 root utadmin 0 Jun 29 utmountd.log

If these logs are being written to an external syslog server, review that server to ensure the logs are being recorded.
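The three checks above can be scripted. The following is an added example, not part of the STIG: the function names are hypothetical, the case-insensitive facility match is an assumption, and step 3 goes beyond the STIG by also reporting a log file that is absent. It assumes a POSIX sh and awk, which on older Solaris releases means the /usr/xpg4/bin versions rather than /bin/sh and /usr/bin/awk.

```sh
#!/bin/sh
# Added example, not part of the STIG. Function names are hypothetical.
# Paths are parameters so a collected copy of the files can be audited too.

# The six critical Sun Ray log files named in step 3.
SUNRAY_LOGS="admin_log auth_log utmountd.log utstoraged.log messages utwebadmin.log"

# Step 1: succeed if a syslogd process exists. Matching on the command-name
# column avoids counting the grep process itself, which "ps -ef | grep" can do.
syslogd_running() {
    ps -e -o comm= | grep 'syslogd$' >/dev/null
}

# Step 2: print every required "selector target" pair missing from syslog.conf.
# Comment lines are ignored, ";"-joined selectors are split, and the facility
# is compared case-insensitively (assumption: the STIG capitals are cosmetic).
missing_syslog_entries() {
    for want in "user.info /var/opt/SUNWut/log/messages" \
                "local1.info /var/opt/SUNWut/log/admin_log"; do
        awk -v sel="${want%% *}" -v target="${want#* }" '
            /^[ \t]*#/ { next }
            { n = split(tolower($1), s, ";")
              for (i = 1; i <= n; i++) if (s[i] == sel && $2 == target) ok = 1 }
            END { exit !ok }' "$1" 2>/dev/null || echo "$want"
    done
}

# Step 3: print each critical log that is zero bytes OR absent. The ls | awk
# check only sees files that exist, so a log that was never created slips by.
empty_or_missing_logs() {
    for f in $SUNRAY_LOGS; do
        [ -s "$1/$f" ] || echo "$f"   # -s: exists and size > 0 (follows links)
    done
}

# Run all three steps; return non-zero if any step is a finding.
sunray_log_audit() {
    conf=${1:-/etc/syslog.conf} dir=${2:-/var/opt/SUNWut/log} rc=0
    syslogd_running || { echo "FINDING: syslogd is not running"; rc=1; }
    missing=$(missing_syslog_entries "$conf")
    [ -z "$missing" ] || { echo "FINDING: not in $conf:"; echo "$missing"; rc=1; }
    empty=$(empty_or_missing_logs "$dir")
    [ -z "$empty" ] || { echo "FINDING: empty or missing in $dir:"; echo "$empty"; rc=1; }
    return $rc
}

# Audit the live system only when invoked with --audit, so the file can be sourced.
[ "${1:-}" != "--audit" ] || { sunray_log_audit; exit $?; }
```
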

Fix text

Record Sun Ray server activity to log files.
