The audit system must alert the System Administrator (SA) if there is any type of audit failure.

An XCCDF Rule

Description

<VulnDiscussion>Proper alerts to system administrators and Information Assurance (IA) officials of audit failures ensure a timely response to critical system issues.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-219966r958758_rule
Severity: High
References: CCI-001858
Updated: 18 days ago

The root role is required. 

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename
If the command output is "global", this action applies.

Add an audit_warn alias to /etc/mail/aliases that will forward to designated system administrator(s).

# pfedit /etc/mail/aliases

Insert a line in the form:
audit_warn:user1,user2

Put the updated aliases file into service.
# newaliases

The audit system must alert the System Administrator (SA) if there is any type of audit failure.

Description

Remediation - Manual Procedure