The MQ Appliance network device must generate audit records for all account creations, modifications, disabling, and termination events.
An XCCDF Rule
Description
<VulnDiscussion>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Using a syslog logging target, the MQ Appliance logs all audit events, including account creations, modifications, disabling, and termination events. Logging may be set to the following logging levels in descending order of criticality: debug, info, notice, warn, error, alert, emerg. The default is notice. Audit records can be generated from various components within the MQ Appliance network device (e.g., module or policy filter).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-89685r1_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure a syslog target by using the command line interface (CLI). Log on as an administrative user.
To enter global configuration mode, enter "config".
To create a syslog target, enter:
logging target <logging target name>