4.1 Create CIS Audit Class

Information

To group a set of related audit events, the Solaris Audit service provides the ability for sites to define their own audit classes that contain just those events that the site wants to audit.

Rationale:

To simplify administration, a CIS specific audit class should be created.

Solution

To create the CIS audit class, edit the /etc/security/audit_class file and add the following entry before the last line of the file:

0x0100000000000000:cis:CIS Solaris Benchmark

See Also

https://workbench.cisecurity.org/benchmarks/4777

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-2, 800-53|AU-7, 800-53|AU-12, CSCv7|6.2

Plugin: Unix

Control ID: e1512531306df2b11e56a37586bf52fb63690cb93037bc9031f04ddd6498f3a4