The operating system must use cryptographic mechanisms to protect the integrity of audit information.

An XCCDF Rule

Description

<VulnDiscussion>Protection of audit records and audit data is of critical importance. Cryptographic mechanisms are the industry established standard used to protect the integrity of audit data.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-216178r958576_rule
Severity: Low
References: CCI-001350
Updated: 17 days ago

The ZFS File System Management and ZFS Storage Management profiles are required.

This action applies to the global zone only. Determine the zone that you are currently securing.

# zonename
If the command output is "global", this action applies.

The Audit Configuration and the Audit Control profiles are required.

If necessary, create a new ZFS pool to store the encrypted audit logs.

# pfexec zpool create auditp mirror [device] [device]

Create an encryption key:

# pktool genkey keystore=file outkey=/[filename] keytype=aes keylen=256

Create a new file system to store the audit logs with encryption enabled. Use the file name created in the previous step as the keystore.

# pfexec zfs create -o encryption=aes-256-ccm -o keysource=raw,file:///[filename] -o compression=on -o mountpoint=/audit auditp/auditf

Configure auditing to use this encrypted directory.

# pfexec auditconfig -setplugin audit_binfile p_dir=/audit/

Refresh the audit service for the setting to be applied:

# pfexec audit -s

The operating system must use cryptographic mechanisms to protect the integrity of audit information.

Description

Remediation - Manual Procedure