Check: AADC-NM-000029
A10 Networks ADC NDM STIG:
AADC-NM-000029
(in version v1 r1)
Title
The A10 Networks ADC must produce audit log records containing information (FQDN, unique hostname, management or loopback IP address) to establish the source of events. (Cat III impact)
Discussion
In order to compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know the source of the event. The source may be a component, module, or process within the device or an external session, administrator, or device. Associating information about where the source of the event occurred provides a means of investigating an attack; recognizing resource utilization or capacity thresholds; or identifying an improperly configured device. When the event log or system log is written to a syslog server, the hostname is included with each record.
Check Content
Observe someone logging onto the device. The prompt will appear after a successful logon. If the prompt is not a unique hostname assigned by the organization, this is a finding. Note: The device automatically includes the hostname in each Syslog message.
Fix Text
The following command will change the hostname: hostname [string] The string can contain 1 to 31 characters and can contain the following characters: a-z A-Z 0-9 - . ( ) Note: The device automatically includes the hostname in each Syslog message.
Additional Identifiers
Rule ID: SV-82529r1_rule
Vulnerability ID: V-68039
Group Title: SRG-APP-000098-NDM-000228
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000133 |
The information system generates audit records containing information that establishes the source of the event. |
Controls
Number | Title |
---|---|
AU-3 |
Content Of Audit Records |