UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The HYCU server and Web UI must audit the execution of privileged functions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-246825 HYCU-AC-000007 SV-246825r768139_rule Medium
Description
Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
STIG Date
HYCU for Nutanix Security Technical Implementation Guide 2021-08-03

Details

Check Text ( C-50257r768137_chk )
Check the contents of the "/var/log/audit/audit.log" file.

HYCU also maintains Event (Audit) information in the HYCU Web UI Events menu.

Verify the audit log contains records showing when the execution of privileged functions occurred.

If the audit log is not configured or does not have the required contents, this is a finding.
Fix Text (F-50211r768138_fix)
Log on to the HYCU VM console and load the STIG audit rules by using the following commands:

1. cp /usr/share/doc/audit/rules/10-base-config.rules /usr/share/doc/audit/rules/30-stig.rules /usr/share/doc/audit/rules/31-privileged.rules /usr/share/doc/audit/rules/99-finalize.rules /etc/audit/rules.d/

2. augenrules --load