The DNS implementation must provide a warning when the logging storage capacity reaches an organization defined percentage of maximum capacity.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33985 | SRG-NET-000084-DNS-000043 | SV-44438r1_rule | Medium |
| Description |
|---|
| It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. An audit processing failure includes the audit storage capacity being reached or exceeded. If audit log capacity were to be exceeded then events subsequently occurring will not be recorded. The DNS implementation must have a defined maximum allowable percentage of storage capacity serving as an alarming threshold (e.g., application has exceeded 80% of log storage capacity allocated) at which time the DNS, or the logging function the DNS utilizes must provide a warning to the appropriate personnel. If personnel are not notified to allow for appropriate action to be taken when the storage capacity is at risk of being reached, the DNS implementation is at risk of failing to log suspect events or shutting down. |
| STIG | Date |
|---|---|
| Domain Name System (DNS) Security Requirements Guide | 2012-10-24 |
Details
| Check Text ( C-41989r1_chk ) |
|---|
| Review the DNS system configuration to determine whether a warning will be provided when a specific percentage of log storage capacity is reached. If no warning will be provided when log capacity is at risk of being exceeded, this is a finding. |
| Fix Text (F-37900r1_fix) |
|---|
| Configure the DNS system to send an alert or warning to appropriate personnel when the generated logs exceed a pre-determined percentage of the defined maximum capacity. |