SOL-11.1-010370 - The audit system must alert the SA when the audit storage volume approaches its capacity.

Information

Filling the audit storage area can result in a denial of service or system outage and can lead to events going undetected.

Solution

The root role is required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is 'global', this action applies.

Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s).

# pfedit /etc/mail/aliases

Insert a line in the form:
audit_warn:user1,user2

Put the updated aliases file into service.
# newaliases
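
A check that the alias from the steps above is in place, added here as an example (it is not part of the STIG or of the audit plugin). The function names are hypothetical and the sample aliases file is constructed; with no argument the functions read /etc/mail/aliases.

```shell
#!/bin/sh
# Added example: verify that an aliases file defines audit_warn with recipients.
# Function names are hypothetical; the default path is the one used in the steps above.

# Print the recipients of the audit_warn alias, one per line.
# Handles comments, blank lines, spaces around ":" and ",", and continuation lines.
audit_warn_recipients() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # skip comments and blanks
        /^[ \t]/ { if (inalias) buf = buf "," $0; next }  # continuation of previous entry
        {
            inalias = 0
            pos = index($0, ":")
            if (pos == 0) next
            name = substr($0, 1, pos - 1)
            gsub(/[ \t]/, "", name)
            if (name == "audit_warn") { inalias = 1; buf = buf "," substr($0, pos + 1) }
        }
        END {
            n = split(buf, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] != "") print parts[i]
            }
        }
    ' "${1:-/etc/mail/aliases}"
}

# Exit 0 if audit_warn has at least one recipient, 1 if not, 2 if the file is unreadable.
check_audit_warn() {
    rcpts=$(audit_warn_recipients "$1") || return 2
    if [ -z "$rcpts" ]; then
        echo "FAIL: no audit_warn alias with recipients in ${1:-/etc/mail/aliases}"
        return 1
    fi
    echo "PASS: audit_warn forwards to: $(echo "$rcpts" | tr '\n' ' ')"
}

# Constructed sample aliases file (user1/user2 as in the form shown above).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
postmaster: root
audit_warn: user1,
    user2
EOF
check_audit_warn "$sample"
rm -f "$sample"
```

A commented-out entry or an `audit_warn:` line with nothing after the colon is reported as a failure, since neither delivers mail to an administrator.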

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_11_SPARC_V3R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-5(1), CAT|II, CCI|CCI-001855, Rule-ID|SV-219965r971542_rule, STIG-ID|SOL-11.1-010370, STIG-Legacy|SV-60709, STIG-Legacy|V-47835, Vuln-ID|V-219965

Plugin: Unix

Control ID: 4500161c125173ebd8e322032caee3fb5c27a19b4393b387e231e82043202189