Event auditing (UNIX)

Module: System Auditing

This check looks at the events specified in the Events template and reports events that are not being audited. This check is currently supported only on AIX, HP-UX, and Solaris operating systems. Use the file list to enable or disable the Events templates.

The following table lists the error messages for the check.

Table: Error messages for Event auditing

Message String ID and Category

Platform and Message Numeric ID

Message Title and Description

Additional Information

String ID: STKU_TRUSTEDEVENT

Category: Policy Compliance

UNIX (6131)

Title: Events not audited

Description: The named events are not being audited by your operating system. You should enable system auditing of these events so you can identify unauthorized users during or after an attempted security breach.

Severity: yellow-3

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [User: %s; Type: %s]

String ID: STKU_HP_TRUSTEDEVENTMAP

Category: Policy Compliance

UNIX (6146)

Title: HP event map error

Description: The system call is not being audited in the same manner as the specified event.

Severity: yellow-3

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [System Call: %s; Type: %s]

String ID: STKU_AUDIT_OFF

Category: Policy Compliance

UNIX (6147)

Title: Auditing not enabled

Description: System auditing is not currently enabled.

Severity: red-4

Correctable: false

Snapshot Updatable: false

Template Updatable: false

Information Field Format: [%s]