The DBN-6300 must initiate session auditing upon startup.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-76931	DBNW-DM-000026	SV-91627r1_rule		Low

Description
If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.

STIG	Date
DBN-6300 NDM Security Technical Implementation Guide	2017-09-15

Details

Check Text ( C-76555r1_chk )
Navigate to Settings >> Advanced >> Syslog. Verify that the syslog services are set to "on", the syslog server information is valid, and the syslog server has connected. Navigate to Settings >> Advanced >> Audit Log. Verify that the Audit Syslog, "Use System Syslog" button is set to "Yes" and the Audit Configuration Categories can be checked in accordance with the role assigned. For an administrator, the admin role should allow all categories to be checked for Audit Log, Syslog, and Audit Console. Log off and log on to the system again. Examine the message at the syslog server. If there is no message, or no information in the message containing data showing the logon, this is a finding.

Check Text ( C-76555r1_chk )

Navigate to Settings >> Advanced >> Syslog.

Verify that the syslog services are set to "on", the syslog server information is valid, and the syslog server has connected.

Navigate to Settings >> Advanced >> Audit Log.

Verify that the Audit Syslog, "Use System Syslog" button is set to "Yes" and the Audit Configuration Categories can be checked in accordance with the role assigned. For an administrator, the admin role should allow all categories to be checked for Audit Log, Syslog, and Audit Console.

Log off and log on to the system again. Examine the message at the syslog server.

If there is no message, or no information in the message containing data showing the logon, this is a finding.

Fix Text (F-83627r1_fix)
Configure the DBN-6300 to be connected to the syslog server. Also configure the DBN-6300 to include audit records in the syslog message feed. Navigate to Settings >> Advanced >> Syslog. Enter the syslog connection information (port and IP address) and push the "enabled" button for both "TCP" and "enable". Navigate to Settings >> Advanced >> Audit Log. Verify that the Audit Syslog, "Use System Syslog" button is set to "Yes" and the Audit Configuration Categories are all checked for Audit Log, Syslog, and Audit Console. If the "Use System Syslog" button is not set to "Yes", press the "Yes" button. Click on "Commit".

Fix Text (F-83627r1_fix)

Configure the DBN-6300 to be connected to the syslog server. Also configure the DBN-6300 to include audit records in the syslog message feed.

Navigate to Settings >> Advanced >> Syslog.

Enter the syslog connection information (port and IP address) and push the "enabled" button for both "TCP" and "enable".

Navigate to Settings >> Advanced >> Audit Log.

Verify that the Audit Syslog, "Use System Syslog" button is set to "Yes" and the Audit Configuration Categories are all checked for Audit Log, Syslog, and Audit Console.

If the "Use System Syslog" button is not set to "Yes", press the "Yes" button.

Click on "Commit".