STIGQter: STIG Summary: MongoDB Enterprise Advanced 3.x Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Jul 2020:

MongoDB must allocate audit record storage capacity in accordance with site audit record storage requirements.

DISA Rule

SV-96619r1_rule

Vulnerability Number

V-81905

Group Title

SRG-APP-000357-DB-000316

Rule Version

MD3X-00-000620

Severity

CAT II

CCI(s)

• CCI-001849 - The organization allocates audit record storage capacity in accordance with organization-defined audit record storage requirements.

Weight

10

Fix Recommendation

View the mongodb configuration file (default location: /etc/mongod.conf) and view the "auditlog.path" to identify the storage volume.

Allocate sufficient space to the storage volume hosting the file identified in the MongoDB configuration "auditLog.path" to support audit file peak demand.

Check Contents

Investigate whether there have been any incidents where MongoDB ran out of audit log space since the last time the space was allocated or other corrective measures were taken.

If there have been incidents where MongoDB ran out of audit log space, this is a finding.

A MongoDB audit log that is configured to be stored in a file is identified in the MongoDB configuration file (default: /etc/mongod.conf) under the "auditLog:" key and subkey "destination:" where "destination" is "file".

If this is the case then the "AuditLog:" subkey "path:" determines where (device/directory) that file will be located.

View the mongodb configuration file (default location: /etc/mongod.conf) and identify how the "auditlog.destination" is configured.

When the "auditlog.destination" is "file", this is a finding.

Vulnerability Number

V-81905

Documentable

False

Rule Version

MD3X-00-000620

Severity Override Guidance

Investigate whether there have been any incidents where MongoDB ran out of audit log space since the last time the space was allocated or other corrective measures were taken.

If there have been incidents where MongoDB ran out of audit log space, this is a finding.

A MongoDB audit log that is configured to be stored in a file is identified in the MongoDB configuration file (default: /etc/mongod.conf) under the "auditLog:" key and subkey "destination:" where "destination" is "file".

If this is the case then the "AuditLog:" subkey "path:" determines where (device/directory) that file will be located.

View the mongodb configuration file (default location: /etc/mongod.conf) and identify how the "auditlog.destination" is configured.

When the "auditlog.destination" is "file", this is a finding.

Check Content Reference

M

Target Key

3265

Comments