Information
Protection of audit records and audit data is of critical importance. Cryptographic mechanisms are the industry-established standard used to protect the integrity of audit data.
Solution
The ZFS File System Management and ZFS Storage Management profiles are required.
This action applies to the global zone only. Determine the zone that you are currently securing.
# zonename
If the command output is "global", this action applies.
The Audit Configuration and the Audit Control profiles are required.
If necessary, create a new ZFS pool to store the encrypted audit logs.
# pfexec zpool create auditp mirror [device] [device]
Create an encryption key:
# pktool genkey keystore=file outkey=/[filename] keytype=aes keylen=256
Create a new file system to store the audit logs with encryption enabled. Use the file name created in the previous step as the keystore.
# pfexec zfs create -o encryption=aes-256-ccm -o keysource=raw,file:///[filename] -o compression=on -o mountpoint=/audit auditp/auditf
Configure auditing to use this encrypted directory.
# pfexec auditconfig -setplugin audit_binfile p_dir=/audit/
Refresh the audit service for the setting to be applied:
# pfexec audit -s
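A way to confirm the result of the steps above, as an added example that is not part of the original guidance: it checks that the audit_binfile plugin is active, that every p_dir lies on the /audit mountpoint, and that the auditp/auditf dataset reports a cipher for its encryption property. The function names, the constructed sample output and the assumed auditconfig output layout are illustrative.

```shell
#!/bin/sh
# Added verification example; function names are illustrative.
# Assumes the names used above: dataset auditp/auditf mounted at /audit.

# Constructed sample of `auditconfig -getplugin audit_binfile` output
# (layout assumed: a "Plugin:" line, then a ";"-separated "Attributes:" line).
SAMPLE='Plugin: audit_binfile (active)
	Attributes: p_dir=/audit/;p_fsize=0;p_minfree=1;'

# Read plugin output on stdin and print the raw p_dir value.
audit_p_dir() {
    tr ';' '\n' | sed -n 's/^.*p_dir=//p' | head -n 1
}

# p_dirs_on_mount MOUNTPOINT DIRLIST: every comma-separated directory must be
# the mountpoint itself or a path below it (/auditx must not match /audit).
p_dirs_on_mount() {
    mnt=${1%/}
    [ -n "$2" ] || return 1
    old_ifs=$IFS; IFS=,
    for d in $2; do
        case "${d%/}" in
            "$mnt"|"$mnt"/*) ;;
            *) IFS=$old_ifs; return 1 ;;
        esac
    done
    IFS=$old_ifs
}

# check_audit_encryption ENCRYPTION_VALUE MOUNTPOINT PLUGIN_OUTPUT
check_audit_encryption() {
    case "$3" in
        *"audit_binfile (active)"*) ;;
        *) echo "FAIL: audit_binfile plugin is not active"; return 1 ;;
    esac
    case "$1" in
        ""|off|-) echo "FAIL: dataset encryption is '$1'"; return 1 ;;
    esac
    dirs=$(printf '%s\n' "$3" | audit_p_dir)
    p_dirs_on_mount "$2" "$dirs" || { echo "FAIL: p_dir '$dirs' is not on $2"; return 1; }
    echo "PASS: audit logs written to $dirs (encryption=$1)"
}

# On a Solaris host query the live system; elsewhere run the constructed sample.
if command -v auditconfig >/dev/null 2>&1 && command -v zfs >/dev/null 2>&1; then
    check_audit_encryption "$(zfs get -H -o value encryption auditp/auditf)" \
        /audit "$(auditconfig -getplugin audit_binfile)"
else
    check_audit_encryption aes-256-ccm /audit "$SAMPLE"
fi
```

A FAIL on the p_dir check after the steps above usually means the audit service has not been refreshed or p_dir still lists a directory outside the encrypted file system.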