Automation Controller must use external log providers that can collect user activity logs in independent, protected repositories to prevent modification or repudiation.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-256900	APAS-AT-000017	SV-256900r960864_rule		Medium

Description
Automation Controller must be configured to use external logging to compile log records from multiple components within the server. The events occurring must be time-correlated in order to conduct accurate forensic analysis. In addition, the correlation must meet certain tolerance criteria. For instance, DOD may define that the time stamps of different logged events must not differ by any amount greater than ten seconds. Automation Controller must utilize an external logging tool that provides this capability. Satisfies: SRG-APP-000080-AS-000045, SRG-APP-000086-AS-000048, SRG-APP-000108-AS-000067, SRG-APP-000125-AS-000084, SRG-APP-000181-AS-000255, SRG-APP-000358-AS-000064, SRG-APP-000505-AS-000230, SRG-APP-000506-AS-000231, SRG-APP-000515-AS-000203

Description

Automation Controller must be configured to use external logging to compile log records from multiple components within the server. The events occurring must be time-correlated in order to conduct accurate forensic analysis. In addition, the correlation must meet certain tolerance criteria. For instance, DOD may define that the time stamps of different logged events must not differ by any amount greater than ten seconds. Automation Controller must utilize an external logging tool that provides this capability. Satisfies: SRG-APP-000080-AS-000045, SRG-APP-000086-AS-000048, SRG-APP-000108-AS-000067, SRG-APP-000125-AS-000084, SRG-APP-000181-AS-000255, SRG-APP-000358-AS-000064, SRG-APP-000505-AS-000230, SRG-APP-000506-AS-000231, SRG-APP-000515-AS-000203

STIG	Date
Red Hat Ansible Automation Controller Application Server Security Technical Implementation Guide	2024-06-10

Details

Check Text ( C-60575r902268_chk )
Log in to Automation Controller as an administrator. Navigate to Settings >> System >> Logging setting. The following parameters must be set: Enable External Logging = On Logging Aggregator Level Threshold = DEBUG TCP Connection Timeout = 5 (default) or the organizational timeout Enable/disable HTTPS certificate verification = On Logging Aggregator <> (Default) "Not configured" If any of these settings are incorrect, this is a finding.

Check Text ( C-60575r902268_chk )

Log in to Automation Controller as an administrator.

Navigate to Settings >> System >> Logging setting.

The following parameters must be set:

Enable External Logging = On

Logging Aggregator Level Threshold = DEBUG

TCP Connection Timeout = 5 (default) or the organizational timeout

Enable/disable HTTPS certificate verification = On

Logging Aggregator <> (Default) "Not configured"

If any of these settings are incorrect, this is a finding.

Fix Text (F-60517r903512_fix)
Log in to Automation Controller as an administrator. Navigate to Settings >> System >> Logging setting. Click "Edit" and set the following fields: Enable External Logging = On Logging Aggregator Level Threshold = DEBUG TCP Connection Timeout = 5 (default) or the organizational timeout Enable/disable HTTPS certificate verification = On Logging Aggregator <> (Default) "Not configured" Click "Save".

Fix Text (F-60517r903512_fix)

Log in to Automation Controller as an administrator.

Navigate to Settings >> System >> Logging setting.

Click "Edit" and set the following fields:

Enable External Logging = On

Logging Aggregator Level Threshold = DEBUG

TCP Connection Timeout = 5 (default) or the organizational timeout

Enable/disable HTTPS certificate verification = On

Logging Aggregator <> (Default) "Not configured"

Click "Save".