The A10 Networks ADC must produce audit log records containing information (FQDN, unique hostname, management or loopback IP address) to establish the source of events.
An XCCDF Rule
Description
In order to compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know the source of the event. The source may be a component, module, or process within the device or an external session, administrator, or device. Associating information about where the source of the event occurred provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured device. When the event log or system log is written to a syslog server, the hostname is included with each record.
- ID: SV-82529r1_rule
- Severity: Low
Remediation - Manual Procedure
The following command will change the hostname:
hostname [string]
The string can contain 1 to 31 characters and can contain the following characters: a-z A-Z 0-9 - . ( )
Note: The device automatically includes the hostname in each Syslog message.