SV-220475r604141_rule
V-220475
SRG-APP-000026-NDM-000208
CISC-ND-000090
CAT II
10
Configure the switch to log account creation using the following steps:
Step 1: Configure the AAA servers as shown in the example below:
SW1(config)# radius-server host 10.1.48.10
SW1(config)# radius-server host 10.1.48.12
Step 2: Configure an AAA server group as shown in the example below:
SW1(config)# aaa group server radius RADIUS_SERVERS
SW1(config-radius)# server 10.1.48.10
SW1(config-radius)# server 10.1.48.12
SW1(config-radius)# exit
Step 3: Enable AAA accounting as shown in the example below:
SW1(config)# aaa accounting default group RADIUS_SERVERS
SW1(config)# end
Review the switch configuration to determine if it automatically audits account creation.
Step 1: Verify that account records will be sent to an AAA server as shown in the example below:
aaa accounting default group RADIUS_SERVERS
Step 2: Verify that the referenced group name has defined AAA servers that are online.
aaa group server radius RADIUS_SERVERS
server 10.1.48.10
server 10.1.48.12
Note: Cisco NX-OS devices report configuration activity to TACACS+ or RADIUS servers in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the AAA server.
If account creation is not automatically audited, this is a finding.
V-220475
False
CISC-ND-000090
Review the switch configuration to determine if it automatically audits account creation.
Step 1: Verify that account records will be sent to an AAA server as shown in the example below:
aaa accounting default group RADIUS_SERVERS
Step 2: Verify that the referenced group name has defined AAA servers that are online.
aaa group server radius RADIUS_SERVERS
server 10.1.48.10
server 10.1.48.12
Note: Cisco NX-OS devices report configuration activity to TACACS+ or RADIUS servers in the form of accounting records. Each accounting record contains accounting attribute-value (AV) pairs and is stored on the AAA server.
If account creation is not automatically audited, this is a finding.
M
4066