SOL-11.1-060180 - The operating system must use cryptographic mechanisms to protect the integrity of audit information.

Information

Protection of audit records and audit data is of critical importance. Cryptographic mechanisms are the industry established standard used to protect the integrity of audit data.

Solution

The ZFS File System Management and ZFS Storage Management profiles are required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename

If the command output is 'global', this action applies.

The Audit Configuration and the Audit Control profiles are required.

If necessary, create a new ZFS pool to store the encrypted audit logs.

# pfexec zpool create auditp mirror [device] [device]

Create an encryption key:

# pktool genkey keystore=file outkey=/[filename] keytype=aes keylen=256

Create a new file system to store the audit logs with encryption enabled. Use the file name created in the previous step as the keystore.

# pfexec zfs create -o encryption=aes-256-ccm -o keysource=raw,file:///[filename] -o compression=on -o mountpoint=/audit auditp/auditf

Configure auditing to use this encrypted directory.

# pfexec auditconfig -setplugin audit_binfile p_dir=/audit/

Refresh the audit service for the setting to be applied:

# pfexec audit -s

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_11_SPARC_V3R1_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-9(3), CAT|III, CCI|CCI-001350, Rule-ID|SV-216415r958576_rule, STIG-ID|SOL-11.1-060180, STIG-Legacy|SV-61017, STIG-Legacy|V-48145, Vuln-ID|V-216415

Plugin: Unix

Control ID: f40ff9e28d182cfa49e26d053f57db6ef9b3af65a4cf3abe7229524f0404bb4b