CCI-000880 says:
"The operating system must audit non-local maintenance and diagnostic sessions." and "Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network, in order to conduct system diagnostics.
For traceability of maintenance, logging events associated with a non-local administrative access or diagnostic session must be performed."
What actions do we want to consider "maintenance and diagnostic" commands/tools?
On 4/25/12 5:31 PM, Shawn Wells wrote:
> CCI-000880 says:
> "The operating system must audit non-local maintenance and diagnostic sessions." and "Non-local maintenance and diagnostic activities are those activities conducted by individuals communicating through a network, either an external network (e.g., the Internet) or an internal network, in order to conduct system diagnostics.
> For traceability of maintenance, logging events associated with a non-local administrative access or diagnostic session must be performed."
> What actions do we want to consider "maintenance and diagnostic" commands/tools?
Another way of looking at this is that we have to audit the "session": Does this mean literally, such as down to the keystrokes (we can do that if needed)?
scap-security-guide@lists.fedorahosted.org