4.5 Configure Solaris Auditing - active user flags = cis,ex,aa,ua,as,ss,lo,ft

Information

NOTE: Update the value of CIS_AUDIT_CLASS with the appropriate value for the local environment.

Solution

To enforce this setting, run the following commands:
# auditconfig -conf
# auditconfig -setflags lo,ad,ft,ex,cis
# auditconfig -setnaflags lo
# auditconfig -setpolicy cnt,argv,zonename
# auditconfig -setplugin audit_binfile active p_minfree=1
# audit -s
# rolemod -K audit_flags=lo,ad,ft,ex,cis:no root
# EDITOR=ed crontab -e root << END_CRON
$
a
0 * * * * /usr/sbin/audit -n
.
w
q
END_CRON
# chown root:root /var/shares/audit
# chmod 750 /var/shares/audit

See Also

https://workbench.cisecurity.org/files/612

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-12c.

Plugin: Unix

Control ID: 32fc9d85632b4fb095fc9cba5506680218e5a31a55c893c3d488f567a6528376