The operating system must alert designated organizational officials in the event of an audit processing failure.

An XCCDF Rule

Description

<VulnDiscussion>Proper alerts to system administrators and IA officials of audit failures ensure a timely response to critical system issues.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-216038r958424_rule
Severity: High
References: CCI-000139
Updated: 17 days ago

The root role is required. 

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename
If the command output is "global", this action applies.

Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s).

# pfedit /etc/mail/aliases

Insert a line in the form:
audit_warn:user1,user2

Put the updated aliases file into service.
# newaliases

The operating system must alert designated organizational officials in the event of an audit processing failure.

Description

Remediation - Manual Procedure