ONTAP must have audit guarantee enabled.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246935 | NAOT-AU-000003 | SV-246935r835225_rule | Medium |
| Description |
|---|
| It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. With audit guarantee enabled, all SMB operations must generate an audit event before an ACK is returned to the client and the operation completed. If the audit event cannot be written, then the client operation is delayed or denied. |
| STIG | Date |
|---|---|
| NetApp ONTAP DSC 9.x Security Technical Implementation Guide | 2022-06-07 |
Details
| Check Text ( C-50367r835223_chk ) |
|---|
| Use "vserver audit show -fields audit-guarantee" to see if audit guarantee is enabled. If audit-guarantee is set to false, this is a finding. |
| Fix Text (F-50321r835224_fix) |
|---|
| Use the command "vserver audit modify -vserver An example command for a vserver named svm01 with the audit logs at /audit_log would be "vserver audit modify -vserver svm01 -destination /audit_log -audit-guarantee true". Use the command "vserver audit show -fields audit-guarantee" to verify the change. |