STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:

The Infoblox system audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.

DISA Rule

SV-233858r621666_rule

Vulnerability Number

V-233858

Group Title

SRG-APP-000125-DNS-000012

Rule Version

IDNS-8X-300002

Severity

CAT II

CCI(s)

• CCI-001348 - The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Weight

10

Fix Recommendation

1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration.
2. Select the "Monitoring" tab. Enable "Log to External Syslog Servers" and configure an "External Syslog Server".
3. Enable the checkbox "Copy Audit Log Message to Syslog".
4. When complete, click "Save & Close" to save the changes and exit the "Properties" screen.
5. Perform a service restart if necessary.
6. Review Infoblox audit records on the remote SYSLOG server to validate operation.

Check Contents

1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration.
2. Select the "Monitoring" tab.
3. If "Log to External Syslog Servers" is enabled, an External Syslog Server must be configured.
4. Verify that "Copy Audit Log Message to Syslog" is enabled.
5. Verify that log messages are received on the remote system.

If no external SYSLOG server is available, verify local procedure to retain audit logs.

Logs can be downloaded by navigating to Administration >> Logs >> Audit Log tab and pressing the "Download" button.

When complete, click "Cancel" to exit the "Properties" screen.

If an external SYSLOG server is not configured or a local policy is not in place to store audit logs, this is a finding.

Vulnerability Number

V-233858

Documentable

False

Rule Version

IDNS-8X-300002

Severity Override Guidance

1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration.
2. Select the "Monitoring" tab.
3. If "Log to External Syslog Servers" is enabled, an External Syslog Server must be configured.
4. Verify that "Copy Audit Log Message to Syslog" is enabled.
5. Verify that log messages are received on the remote system.

If no external SYSLOG server is available, verify local procedure to retain audit logs.

Logs can be downloaded by navigating to Administration >> Logs >> Audit Log tab and pressing the "Download" button.

When complete, click "Cancel" to exit the "Properties" screen.

If an external SYSLOG server is not configured or a local policy is not in place to store audit logs, this is a finding.

Check Content Reference

M

Target Key

5251

Comments