Check: SRG-APP-000092-AU-000670
Central Log Server SRG:
SRG-APP-000092-AU-000670
(in versions v2 r2 through v1 r3)
Title
The Central Log Server must initiate session auditing upon startup. (Cat III impact)
Discussion
If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
Check Content
Examine the configuration. Verify that the Central Log Server initiates session logging upon startup. If the Central Log Server is not configured to initiate session logging upon startup, this is a finding.
Fix Text
Configure the Central Log Server to initiate session logging upon startup.
Additional Identifiers
Rule ID: SV-221907r420065_rule
Vulnerability ID: V-221907
Group Title: SRG-APP-000092
CCIs
Number | Definition |
---|---|
CCI-001464 | The information system initiates session audits at system start-up. |
Controls
Number | Title |
---|---|
AU-14 (1) | System Start-Up |