Free DISA STIG and SRG Library | Vaulted

V-71525

The CA API Gateway must forward all audit log messages to the central log server.

Finding ID: CAGW-DM-000130
Rule ID: SV-86149r1_rule
Severity: Cat III
CCE: (None)
Group Title: SRG-APP-000125-NDM-000241
CCI: CCI-001348
Target Key: (None)
Documentable: No

Discussion

Protection of log data includes assuring log data is not accidentally lost or deleted. Regularly backing up audit records to a different system or onto separate media than the system being audited helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.

Fix Text

Configure the CA API Gateway to forward all audit log messages to the central log server.

- Log in to CA API Gateway as root.
- Open "/etc/rsyslog.conf" for editing.
- Add a rule "*.* @@loghost.log.com" to the ruleset section of the "rsyslog.conf" file.

Check Content

Verify the CA API Gateway forwards all audit log messages to the central log server. Within the "/etc/rsyslog.conf" file, confirm a rule in the format "*.* @@loghost.log.com" is in the ruleset section. If the CA API Gateway "/etc/rsyslog.conf" file does not have a rule in the format "*.* @@loghost.log.com" in the ruleset section, this is a finding.
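
Added example (not part of the STIG text): one way to script the check above so that a commented-out rule, or a rule using a single "@" (UDP in rsyslog, where "@@" is TCP), is reported as a finding. The function names and sample files are hypothetical and constructed for illustration; only the legacy "selector action" rule format shown on this page is recognized.

```shell
#!/bin/sh
# Added example: audit an rsyslog configuration for the legacy-format
# TCP forwarding rule ("*.* @@host") described in the Check Content.

# Print the target of every active "*.* @@host[:port]" rule in file $1.
# Commented-out rules and single-"@" (UDP) rules are not matched.
tcp_forward_targets() {
    sed -n -E 's/^[[:space:]]*\*\.\*[[:space:]]+@@([^[:space:]#]+).*$/\1/p' "$1"
}

# check_forwarding FILE [EXPECTED_HOST]
# Returns 0 = rule present, 1 = finding, 2 = file unreadable.
check_forwarding() {
    conf=$1
    want=${2:-}
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf" >&2; return 2; }
    for target in $(tcp_forward_targets "$conf"); do
        host=${target%%:*}            # drop an optional ":port" suffix
        if [ -z "$want" ] || [ "$host" = "$want" ]; then
            echo "PASS: $conf forwards *.* over TCP to $target"
            return 0
        fi
    done
    echo "FINDING: no active '*.* @@${want:-<loghost>}' rule in $conf"
    return 1
}

# Constructed sample configurations (not taken from a real gateway).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/good.conf" <<'EOF'
# ruleset section
authpriv.*    /var/log/secure
*.*    @@loghost.log.com
EOF
cat > "$SAMPLES/bad.conf" <<'EOF'
# rule is commented out, and the active one uses a single "@"
#*.* @@loghost.log.com
*.* @loghost.log.com
EOF

check_forwarding "$SAMPLES/good.conf" loghost.log.com || true
check_forwarding "$SAMPLES/bad.conf"  loghost.log.com || true
```

On the gateway itself, the call would be check_forwarding /etc/rsyslog.conf with the site's central log server as the optional second argument.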