444444

Spec 7.3 Record logs of SU commands.

Description: Logs of SU commands use log help us analyze and obtain historical records of the root user.

Implementation guide:

Modify the /etc/syslog.conf file, and add the followings:

*.warning     /var/log/syslog

Security level: medium.

Answer:

1. There is no policy in SEK which will add the entry "*.warning /var/log/syslog". The meaning of "*.warning" is log all the warning messages to the file /var/log/syslog/ If all the policies in "Logging and auditing" are configured and executed then the same functionality as "*.warning" could be achieved.

2. There is no policy to specifically log SU commands but the policy "Log authentication messages" can log SU commands also.