The Cisco IOS XE router must initiate session auditing upon startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-73987 | CISR-ND-000026 | SV-88661r2_rule | Low |
| Description |
|---|
| If auditing is enabled late in the start-up process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created. |
| STIG | Date |
|---|---|
| Cisco IOS XE Release 3 NDM Security Technical Implementation Guide | 2018-12-20 |
Details
| Check Text ( C-74069r5_chk ) |
|---|
| Verify that logging is properly configured on the Cisco IOS XE router. The configuration will look similar to the example below: logging userinfo login on-failure log login on-success log archive log config logging enable logging size 1000 notify syslog contenttype plaintext hidekeys If logging is not configured, this is a finding. |
| Fix Text (F-80527r3_fix) |
|---|
| Enter the following commands to enable auditing. The configuration will look similar to the example below: logging userinfo login on-failure log login on-success log archive log config logging enable logging size 1000 notify syslog contenttype plaintext hidekeys |