Riverbed Optimization System (RiOS) must generate a log event when privileged functions are executed.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-62857 | RICX-DM-000023 | SV-77347r1_rule | Low |
| Description |
|---|
| Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat. |
| STIG | Date |
|---|---|
| Riverbed SteelHead CX v8 NDM Security Technical Implementation Guide | 2019-10-01 |
Details
| Check Text ( C-63651r1_chk ) |
|---|
| Verify the device generates a log event when commands are executed. Navigate to the device Management Console Navigate to Configure >> System Settings >> Logging Under Logging Configurations, verify Minimum Severity is set to Info If the Standard Mandatory DoD Notice and Consent Banner does not exist on this page, this is a finding. |
| Fix Text (F-68775r1_fix) |
|---|
| Since all commands on the device are privileged commands, the following command ensures execution of commands are sent to the Syslog Server. Navigate to the Device Management Console Navigate to Configure >> System Settings >> Logging Under "Remote Log Servers", click "Add a New Log Server" Enter the server IP address Under Logging Configurations >> Minimum Severity, select "Info" Click "Add" Add an IP and Minimum Severity level for the backup Syslog server. |