Spec 7.3 Record logs of SU commands.
Description: Logs of SU commands help us analyze and obtain historical records of the root user.
Implementation guide:
Modify the /etc/syslog.conf file, and add the following:
*.warning /var/log/syslog
Security level: medium.
Answer:
1. There is no policy in SEK which will add the entry "*.warning /var/log/syslog". The meaning of "*.warning" is to log all the warning messages to the file /var/log/syslog. If all the policies in "Logging and auditing" are configured and executed, then the same functionality as "*.warning" could be achieved.
2. There is no policy to specifically log SU commands but the policy "Log authentication messages" can log SU commands also.
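
To check which messages a selector such as "*.warning" actually routes, the following added example (not from the spec or from SEK) models traditional syslog.conf selector matching in Python. The auth.info rule, the function names and the sample message priorities are assumptions made for illustration.

```python
# Added example (not from the original page): a simplified model of
# traditional syslog.conf selector matching.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed configuration: the page's entry plus a hypothetical auth rule.
SAMPLE_CONF = """\
# selector      action
*.warning       /var/log/syslog
auth.info       /var/log/authlog
"""


def parse_rules(text):
    """Return (selectors, action) pairs, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            selectors, action = line.split(None, 1)
            rules.append((selectors, action.strip()))
    return rules


def selects(selectors, facility, priority):
    """True if a 'fac[,fac].level[;...]' list selects the message.

    facility.level means that level or any more severe one; 'none'
    excludes the facility. Simplification: any selector may match.
    """
    rank = PRIORITIES.index(priority)
    hit = False
    for sel in selectors.split(";"):
        facs, level = sel.rsplit(".", 1)
        names = facs.split(",")
        if "*" not in names and facility not in names:
            continue
        if level == "none":
            return False
        hit = hit or rank <= PRIORITIES.index(level)
    return hit


def destinations(conf_text, facility, priority):
    """Actions (log files) that would receive the message."""
    return [a for s, a in parse_rules(conf_text) if selects(s, facility, priority)]


if __name__ == "__main__":
    # Assumed priorities for illustration; check how su logs on your system.
    for fac, pri in [("auth", "notice"), ("auth", "crit"), ("kern", "warning")]:
        print(f"{fac}.{pri} ->", destinations(SAMPLE_CONF, fac, pri))
```

A message below warning priority (for example notice or info) is not selected by "*.warning" alone, so confirm the facility and priority at which su logs on the target system before relying on that entry.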