STIGQter: STIG Summary: Bromium Secure Platform 4.x Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 10 May 2018

The Bromium Enterprise Controller (BEC) must manage log record storage capacity so history.log does not exceed physical drive space capacity allocated by the database administrator (DBA) and system administrator.

DISA Rule

SV-95157r1_rule

Vulnerability Number

V-80453

Group Title

SRG-APP-000357

Rule Version

BROM-00-000770

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

The BEC administrator must work with the site DBA and system administrator to obtain storage allocation requirements for "history.log".

The "history.log" default size threshold is 5 MB. The system administrator has two options for managing storage of "history.log" contents.

Option 1 (preferred):
1. Automatically forward all contents of "history.log" to the site's central log server in real time.
2. Install the file monitoring agent that is provided by the site's centralized events server (e.g., syslog, SIEM) and configure it to monitor and forward "history.log" (example: C:\ProgramData\Bromium\BMS\Logs\history.log). Follow the instructions included with the central log server.

Option 2 (use only with documentation of mission need):
1. Automatically back up all "history.log" files that have been aged out due to reaching the maximum size threshold. Then delete the archived copies to free up room.
NOTE: By default, the BEC server creates up to 5 archives. Though not recommended, the default maximum number of archives can be changed by editing the "audit_log_backup_count" parameter in "settings.json" (C:\ProgramData\Bromium\BMS\settings.json).
2. Follow the instructions included with the backup solution. Some solutions include an agent that must be installed on the BEC and some do not.

Check Contents

Ask the site representatives if they have developed and implemented a solution for storing the contents of "history.log" to minimize the risk of exceeding the system's storage capacity.

If the option to forward the contents of "history.log" to a centralized events server was implemented, check that the agent associated with the central log server has been installed on the BEC.

If the option to back up the contents of "history.log" was implemented, check that the backup solution has been configured to include the "history.log" files residing on the BEC.

If the BEC does not manage log record storage capacity so "history.log" does not exceed physical drive space capacity allocated by the DBA and system administrator, this is a finding.
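
As an added example (not part of the STIG or Bromium's tooling), the PowerShell function below estimates the worst-case disk footprint of "history.log" and its archives from the 5 MB threshold and the archive count, then compares it with the site's allocation. It assumes "audit_log_backup_count" is a top-level key in "settings.json" and that archives sit beside the live file with names beginning "history.log"; the function name, parameters, and demo values are hypothetical.

```powershell
# Added example: not Bromium's tooling. Site-specific values are parameters.
function Test-HistoryLogCapacity {
    param(
        [Parameter(Mandatory)] [string] $LogDir,         # e.g. C:\ProgramData\Bromium\BMS\Logs
        [Parameter(Mandatory)] [string] $SettingsPath,   # e.g. C:\ProgramData\Bromium\BMS\settings.json
        [Parameter(Mandatory)] [long]   $AllocatedBytes, # allocation agreed with the DBA and system administrator
        [long] $ThresholdBytes  = 5MB,                   # default size threshold stated in the STIG
        [int]  $DefaultArchives = 5                      # default archive count stated in the STIG
    )
    # Assumption: audit_log_backup_count, when present, is a top-level key.
    $archives = $DefaultArchives
    if (Test-Path -LiteralPath $SettingsPath) {
        $settings = Get-Content -LiteralPath $SettingsPath -Raw | ConvertFrom-Json
        if ($null -ne $settings.audit_log_backup_count) {
            $archives = [int]$settings.audit_log_backup_count
        }
    }
    # Worst case: the live file plus every archive, each at the size threshold.
    $worstCase = $ThresholdBytes * ($archives + 1)

    # Assumption: archives share the "history.log" prefix in the same directory.
    $files  = @(Get-ChildItem -LiteralPath $LogDir -Filter 'history.log*' -File -ErrorAction SilentlyContinue)
    $onDisk = ($files | Measure-Object -Property Length -Sum).Sum
    if ($null -eq $onDisk) { $onDisk = 0 }

    [pscustomobject]@{
        ArchiveCount   = $archives
        WorstCaseBytes = $worstCase
        FilesOnDisk    = $files.Count
        OnDiskBytes    = [long]$onDisk
        AllocatedBytes = $AllocatedBytes
        FitsAllocation = ($worstCase -le $AllocatedBytes)
    }
}

# Constructed demo in a temp directory (not a real BEC install).
$demo = Join-Path ([IO.Path]::GetTempPath()) "bec-demo-$PID"
New-Item -ItemType Directory -Path $demo -Force | Out-Null
'{"audit_log_backup_count": 10}' | Set-Content -LiteralPath (Join-Path $demo 'settings.json')
'constructed log line' | Set-Content -LiteralPath (Join-Path $demo 'history.log')
Test-HistoryLogCapacity -LogDir $demo -SettingsPath (Join-Path $demo 'settings.json') -AllocatedBytes 50MB
Remove-Item -LiteralPath $demo -Recurse -Force
```

A "FitsAllocation" value of False means the configured archive count can outgrow the agreed allocation even when forwarding or backup is in place, so either the allocation or "audit_log_backup_count" needs revisiting.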

Documentable

False

Check Content Reference

M

Target Key

3375