The HYCU server must generate audit records when successful/unsuccessful attempts to modify or delete administrator privileges occur.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246832 | HYCU-AU-000003 | SV-246832r768160_rule | Medium |
| Description |
|---|
| This requirement addresses the configuration of network devices to mitigate the impact of DoS attacks that have occurred or are ongoing on device availability. For each network device, known and potential DoS attacks must be identified and solutions for each type implemented. A variety of technologies exist to limit or, in some cases, eliminate the effects of DoS attacks (e.g., limiting processes or restricting the number of sessions the device opens at one time). Employing increased capacity and bandwidth, combined with service redundancy, may reduce the susceptibility to some DoS attacks. Satisfies: SRG-APP-000495-NDM-000318, SRG-APP-000499-NDM-000319 |
| STIG | Date |
|---|---|
| HYCU for Nutanix Security Technical Implementation Guide | 2021-08-03 |
Details
| Check Text ( C-50264r768158_chk ) |
|---|
| Check the contents of the "/var/log/audit/audit.log" file. HYCU also maintains Event (Audit) information in the "HYCU Web UI Events" menu. Verify the audit log contains records showing successful/unsuccessful attempts to modify or delete administrator privileges. If the audit log is not configured or does not have required contents, this is a finding. |
| Fix Text (F-50218r768159_fix) |
|---|
| Log on to the HYCU VM console and load the STIG audit rules by using the following commands: 1. cp /usr/share/doc/audit/rules/10-base-config.rules /usr/share/doc/audit/rules/30-stig.rules /usr/share/doc/audit/rules/31-privileged.rules /usr/share/doc/audit/rules/99-finalize.rules /etc/audit/rules.d/ 2. augenrules --load |