STIGQter: STIG Summary: CA API Gateway NDM Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 19 Sep 2016:

The CA API Gateway must forward all log audit log messages to the central log server.

DISA Rule

SV-86149r1_rule

Vulnerability Number

V-71525

Group Title

SRG-APP-000125-NDM-000241

Rule Version

CAGW-DM-000130

Severity

CAT III

CCI(s)

• CCI-001348 - The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Weight

10

Fix Recommendation

Configure the CA API Gateway to forward all audit log messages to the central log server.

- Log in to CA API Gateway as root.
- Open "/etc/rsyslog.conf" for editing.
- Add a rule "*.* @@loghost.log.com" to the ruleset section of the "rsyslogd.conf" file.

Check Contents

Verify the CA API Gateway forwards all log audit log messages to the central log server.

Within the "/etc/rsyslog.conf" file, confirm a rule in the format "*.* @@loghost.log.com" is in the ruleset section.

If the CA API Gateway "/etc/rsyslog.conf" file does not have a rule in the format "*.* @@loghost.log.com" in the ruleset section, this is a finding.

Vulnerability Number

V-71525

Documentable

False

Rule Version

CAGW-DM-000130

Severity Override Guidance

Verify the CA API Gateway forwards all log audit log messages to the central log server.

Within the "/etc/rsyslog.conf" file, confirm a rule in the format "*.* @@loghost.log.com" is in the ruleset section.

If the CA API Gateway "/etc/rsyslog.conf" file does not have a rule in the format "*.* @@loghost.log.com" in the ruleset section, this is a finding.

Check Content Reference

M

Target Key

3051

Comments