From Sun Ray 4 STIG
Part of Sun Ray audit logs are not retained
Associated with IA controls: ECAR-3, ECAR-2, ECAR-1
Storing log files for at least a year provides a way to recover these files in case an investigation is necessary. Typically these files are stored offline on tape media or external networks. Log files enable the enforcement of individual accountability by creating a reconstruction of events. They also assist in problem identification that may lead to problem resolution. If these log files are not retained, there is no way to trace or reconstruct the events, and if it was discovered the network was hacked, there would be no way to trace the full extent of the compromise.
Ask the IAO/SA where the Sun Ray system audit logs are stored. If they are offsite, review the process to move them to the alternative site. Verify that the audit data is retained for a minimum of one year by reviewing the dates of the oldest backup files or media. Audit data that should be retained include the following files on the Sun Ray server: (These files maybe at a different location for a remote syslog server.) /var/opt/SUNWut/log/admin_log /var/opt/SUNWut/log/auth_log /var/opt/SUNWut/log/utmountd.log /var/opt/SUNWut/log/utstoraged.log /var/opt/SUNWut/log/messages /var/opt/SUNWut/log/utwebadmin.log
Retain all audit data for a minimum of one year.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer