MarkLogic Server must generate audit records when successful logons or connections occur.

An XCCDF Rule

Description

<VulnDiscussion>For completeness of forensic analysis, it is necessary to track who/what (a user or other principal) logs on to the DBMS.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-220408r961824_rule
Severity: Medium
References: CCI-000172
Updated: 17 days ago

Configure MarkLogic audit settings to generate an audit record each time a user (or other principal) logs on or connects to the DBMS. 

Perform the fix from the MarkLogic Server Admin Interface with a user that holds administrative-level privileges.

1. Click the Groups icon.
2. Click the group in which the configuration to check resides (e.g., Default).3. Click the Auditing icon on the left tree menu.
4. Set the audit enabled field to true.
5. Enable the authentication-failure event for auditing.
6. Enable "both" for the audit restriction under the outcome selection.
7. Ensure no roles, URIs, or users are identified in the audit restrictions, unless documented in the System Security Plan.

MarkLogic Server must generate audit records when successful logons or connections occur.

Description

Remediation - Manual Procedure