UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The HPE Nimble must forward critical alerts (at a minimum) to the system administrators and the ISSO.


Overview

Finding ID Version Rule ID IA Controls Severity
V-252199 HPEN-NM-000140 SV-252199r814077_rule High
Description
Alerts are essential to let the system administrators and security personnel know immediately of issues which may impact the system or users. If these alerts are also sent to the syslog, this information is used to detect weaknesses in security that enable the network IA team to find and address these weaknesses before breaches can occur. Reviewing these logs, whether before or after a security breach, are important in showing whether someone is an internal employee or an outside threat. Alerts are identifiers about specific actions that occur on a group of arrays. There are several ways to meet this requirement. The Nimble can be configured for forward alerts from groups to a secure Simple Mail Transfer Protocol (SMTP) server. The alert may also be sent to the syslog server and the syslog configured to send the alert to the appropriate personnel.
STIG Date
HPE Nimble Storage Array Security Technical Implementation Guide 2022-03-16

Details

Check Text ( C-55655r814075_chk )
Type "group --info | grep -i syslog" and review the output lines. The "Syslogd enabled" value should be "Yes", and the "Syslogd server" and "Syslogd port" values should contain the correct syslog server and port values. If not, this is a finding.
Fix Text (F-55605r814076_fix)
Configure email alerts (optional)
group--edit [--smtp_serversmtp server] [--smtp_portsmtp port] [--smtp_auth {yes | no}] [--smtp_username username]
--smtp_encrypt_type ssl [--smtp_from_addr email addr] [--smtp_to_addr email addr]
[--send_event_data {yes | no}] [--alert_level {info | warning | critical}]

To specify and enable logging of alerts, type "group --edit --syslog_enabled yes --syslog_server --syslog_port ", where and are the server DNS name or IP address, and is the port to send syslog messages to.