The Infoblox system audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-214162	IDNS-7X-000120	SV-214162r612370_rule		Medium

Description
Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on a defined frequency helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions.

Description

Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on a defined frequency helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions.

STIG	Date
Infoblox 7.x DNS Security Technical Implementation Guide	2020-12-10

Details

Check Text ( C-15377r295752_chk )
Navigate to Grid >> Grid Manager >> Grid Properties >> Monitoring tab. If "Log to External Syslog Servers" is enabled, an External Syslog Server must be configured. If no external SYSLOG server is available verify local procedure to retain audit logs. Logs can be downloaded by navigation to Administration >> Logs >> Audit Log tab and pressing the "Download" button. When complete, click "Cancel" to exit the "Properties" screen. If neither an external SYSLOG server is configured, or a local policy is in place to store audit logs, this is a finding.

Check Text ( C-15377r295752_chk )

Navigate to Grid >> Grid Manager >> Grid Properties >> Monitoring tab.

If "Log to External Syslog Servers" is enabled, an External Syslog Server must be configured.

If no external SYSLOG server is available verify local procedure to retain audit logs. Logs can be downloaded by navigation to Administration >> Logs >> Audit Log tab and pressing the "Download" button.

When complete, click "Cancel" to exit the "Properties" screen.

If neither an external SYSLOG server is configured, or a local policy is in place to store audit logs, this is a finding.

Fix Text (F-15375r295753_fix)
Navigate to Grid >> Grid Manager >> Grid Properties >> Monitoring tab. Enable "Log to External Syslog Servers" and configure an "External Syslog Server". Review Infoblox audit records on the remote SYSLOG server to validate operation. When complete, click "Save & Close" to save the changes and exit the "Properties" screen. Perform a service restart if necessary.