The operating system must protect audit information from unauthorized access.
An XCCDF Rule
Description
<VulnDiscussion>If audit data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activity is difficult, if not impossible, to achieve. To ensure the veracity of audit data, the operating system must protect audit information from unauthorized access. Satisfies: SRG-OS-000057, SRG-OS-000058, SRG-OS-000059</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-216277r958434_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Note: By default in Solaris 11.1, /var/audit is a link to /var/share/audit which is mounted on rpool/VARSHARE.
The root role is required.
This action applies to the global zone only. Determine the zone that you are currently securing.