MarkLogic Server must protect its audit features from unauthorized access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-220352 | ML09-00-002200 | SV-220352r960939_rule | Medium |
| Description |
| STIG | Date |
| MarkLogic Server v9 Security Technical Implementation Guide | 2024-09-04 |
Details
| Check Text (C-22067r401507_chk) |
| Review access permissions to tools used to view or modify audit log data. Since MarkLogic Audit logs are stored in plain text files, this includes text editors provided by the OS. Alternatively, enable Encryption-at-Rest for the logs. This would ensure only individuals/systems with a valid encryption key may access the data within logs and audit files. If appropriate permissions and access controls are not applied to prevent unauthorized modification of these tools, and Encryption-at-Rest is not enabled for logs, this is a finding. Perform the check from the MarkLogic Admin Interface with a user that holds administrative-level privileges. 1. Click the Clusters icon on the left tree menu. 2. Click the Keystore tab. 3. If "logs encryption" is set to "off", this is a finding. |
| Fix Text (F-22056r401508_fix) |
| Add or modify access controls and permissions for tools used to view or modify audit log data, including OS text editors. Since MarkLogic Audit logs are stored in plain text files, this includes text editors provided by the OS. Tools must be accessible by authorized personnel only. Alternatively, Encryption-at-Rest for system logs may be enabled to prevent unauthorized disclosure of contained information. Perform the fix from the MarkLogic Admin Interface with a user that holds administrative-level privileges. 1. Click the Clusters icon on the left tree menu. 2. Click the Keystore tab. 3. Change "logs encryption" setting to "on". |