The HPE 3PAR OS must be configured to send SNMP alerts to alert in the event of an audit processing failure.

An XCCDF Rule

Description

<VulnDiscussion>It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected. The HPE 3PAR OS will send an SNMP trap event on any failure of audit components (failure to write a record, failure to send to remote syslog server, etc.). All of these conditions are automatically recovered Q20 in the short term. Configuration of the SNMP consumer is required to facilitate collection of these events.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-255275r958424_rule
Severity: Medium
References: CCI-000139
Updated: 17 days ago

To configure SNMPv3 alert notifications, use this sequence of operations.

Create and enable an SNMPv3 user, and create associated keys for authentication and privacy:
cli% createuser 3parsnmpuser all browse
Enter the password and confirm
cli%  createsnmpuser 3parsnmpuser
at the prompt, enter the password
at the next prompt, re-enter the password.

Add the IP address of the SNMPv3 trap recipient, where permissions of the account are used:
cli%  addsnmpmgr -version 3 -snmpuser 3parsnmpuser  <ip address>

The HPE 3PAR OS must be configured to send SNMP alerts to alert in the event of an audit processing failure.

Description

Remediation - Manual Procedure