MarkLogic Server must initiate session auditing upon startup.
An XCCDF Rule
Description
<VulnDiscussion>Session auditing is used when a user's activities are under investigation. To ensure all activity is captured during the periods when session auditing is in use, it must be in operation for the entire time the DBMS is running.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-220347r879562_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure MarkLogic session-level auditing, ensure specific session audits are currently defined, and enable session auditing or verify a third-party product is available for session auditing.
Perform the fix from the MarkLogic Server Admin Interface with a user that holds administrative-level privileges.
1. Click the Groups icon.
2. Click the group in which the configuration to check resides (e.g., Default).