The Dell OS10 Switch must generate log records for a locally developed list of auditable events.

An XCCDF Rule

Description

Auditing and logging are key components of any security architecture. Logging the actions of specific events provides a means to investigate an attack; to recognize resource usage or capacity thresholds; or to identify an improperly configured network device. If auditing is not comprehensive, it will not be useful for intrusion monitoring, security investigations, and forensic analysis.

ID: SV-269800r1052422_rule
Version: OS10-NDM-000910
Severity: Medium
References: CCI-000169 CCI-000366
Updated: about 2 months ago

Remediation Templates

Configure the OS10 Switch to enable audit logging:

OS10(config)# logging audit enable

Configure the switch to log a locally developed list of auditable events by adding appropriate configuration for audit as shown in the example below.
From a shell as root, add desired audit rules to a file in the /etc/audit/rules.d/ directory, as in this example:

OS10# system "sudo -i"
[sudo] password for admin:
root@OS10:~# echo “-w /var/log/sudo.log -p wa -k actions" >> /etc/audit/rules.d/audit.rules
root@OS10:~#

Delete any rules from the rule sets with the obsolete action of “entry”:

root@OS10:~# sed -i '/-a entry/d' /etc/audit/rules.d/*

Reload the rules files:

root@OS10:~# augenrules --load

The Dell OS10 Switch must generate log records for a locally developed list of auditable events.

Description

Remediation Templates

A Manual Procedure