SOL-11.1-010380 - The audit system must alert the System Administrator (SA) if there is any type of audit failure.

Information

Proper alerts to system administrators and Information Assurance (IA) officials of audit failures ensure a timely response to critical system issues.

Solution

The root role is required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is 'global', this action applies.

Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s).

# pfedit /etc/mail/aliases

Insert a line in the form:
audit_warn:user1,user2

Put the updated aliases file into service.
# newaliases

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_11_SPARC_V3R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(2), CAT|I, CCI|CCI-001858, Rule-ID|SV-219966r958758_rule, STIG-ID|SOL-11.1-010380, STIG-Legacy|SV-60717, STIG-Legacy|V-47843, Vuln-ID|V-219966

Plugin: Unix

Control ID: 3e9eefdebf699492050fd17efd7579e4526041341394e7d1ff76f65dfa0c617d