The Central Log Server must be configured to protect the data sent from hosts and devices from being altered in a way that may prevent the attribution of an action to an individual (or process acting on behalf of an individual).
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-81105 | SRG-APP-000080-AU-000010 | SV-95819r1_rule | Medium |
| Description |
|---|
| Without non-repudiation, it is impossible to positively attribute an action to an individual (or process acting on behalf of an individual). The records stored by the Central Log Server must be protected against such alteration as removing the identifier. A hash is one way of performing this function. The server must not allow the removal of identifiers or date/time, or it must severely restrict the ability to do so. Additionally, the log administrator access and activity with the user account information. |
| STIG | Date |
|---|---|
| Central Log Server Security Requirements Guide | 2019-06-28 |
Details
| Check Text ( C-80759r1_chk ) |
|---|
| Examine the configuration. Verify the system is configured with a hash or other method that protects the data against alteration of the log information sent from hosts and devices. Verify the Central Log Server is configured to log all changes to the machine data. If the Central Log Server is not configured to protect against an individual (or process acting on behalf of an individual) falsely denying having performed organization-defined actions to be covered by non-repudiation, this is a finding. |
| Fix Text (F-87877r1_fix) |
|---|
| Configure the Central Log Server to use a hash or other method that protects the data against alteration of the log information sent from hosts and devices. Configure the Central Log Server to not allow alterations to the machine data. |