When invalid inputs are received, the Cassandra Server must behave in a predictable and documented manner that reflects organizational and system objectives.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-72689	VROM-CS-000250	SV-87321r1_rule		Medium

Description
A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information system responses to the invalid input may be disruptive or cause the system to fail into an unsafe state. The behavior will be derived from the organizational and system requirements and includes, but is not limited to, notification of the appropriate personnel, creating an audit record, and rejecting invalid input.

Description

A common vulnerability is unplanned behavior when invalid inputs are received. This requirement guards against adverse or unintended system behavior caused by invalid inputs, where information system responses to the invalid input may be disruptive or cause the system to fail into an unsafe state. The behavior will be derived from the organizational and system requirements and includes, but is not limited to, notification of the appropriate personnel, creating an audit record, and rejecting invalid input.

STIG	Date
vRealize - Cassandra Security Technical Implementation Guide	2017-06-06

Details

Check Text ( C-72845r1_chk )
Review the Cassandra Server to ensure that it behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received. Open the "cqlsh" prompt in the Cassandra Server and type "DESCRIBE KEYSPACES;". Type "DESCRIBE " for all the keyspace names that have been displayed as output for the first command. Review keyspaces content. Open the console to the server that Cassandra DB is hosted at and type: "find / \| grep "logback.xml"". Open "logback.xml" file and review "level" parameter value under . If level is not set to "ALL", this is a finding.

Check Text ( C-72845r1_chk )

Review the Cassandra Server to ensure that it behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

Open the "cqlsh" prompt in the Cassandra Server and type "DESCRIBE KEYSPACES;". Type "DESCRIBE " for all the keyspace names that have been displayed as output for the first command. Review keyspaces content.

Open the console to the server that Cassandra DB is hosted at and type: "find / | grep "logback.xml"". Open "logback.xml" file and review "level" parameter value under .

If level is not set to "ALL", this is a finding.

Fix Text (F-79093r1_fix)

Configure the Cassandra Server to behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

Modify tables by adding constraints (CREATE TRIGGER IF NOT EXISTS ON , where TRIGGER triggered validation event).

Open console to the server, Cassandra DB is hosted at, and type: "find / | grep "logback.xml"". Open "logback.xml" file and set "level" parameter value under to "ALL".