Riverbed Optimization System (RiOS) must generate a log event when privileged functions are executed.

An XCCDF Rule

Description

<VulnDiscussion>Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-77347r1_rule
Severity: Low
References: CCI-002234
Updated: about 1 year ago

Since all commands on the device are privileged commands, the following command ensures execution of commands are sent to the Syslog Server. 

Navigate to the Device Management Console
Navigate to Configure >> System Settings >> Logging

Under "Remote Log Servers", click "Add a New Log Server"Enter the server IP address

Under Logging Configurations >> Minimum Severity, select "Info"

Click "Add"

Add an IP and Minimum Severity level for the backup Syslog server.

Riverbed Optimization System (RiOS) must generate a log event when privileged functions are executed.

Description

Remediation - Manual Procedure