An error occurred:

Check: IDNS-8X-300002

Infoblox 8.x DNS STIG: IDNS-8X-300002 (in version v1 r1)

Title

The Infoblox system audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited. (Cat II impact)

Discussion

Protection of log data includes ensuring that log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on a defined frequency helps to ensure that, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records.

Check Content

1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration. 2. Select the "Monitoring" tab. 3. If "Log to External Syslog Servers" is enabled, an External Syslog Server must be configured. 4. Verify that "Copy Audit Log Message to Syslog" is enabled. 5. Verify that log messages are received on the remote system. If no external SYSLOG server is available, verify local procedure to retain audit logs. Logs can be downloaded by navigating to Administration >> Logs >> Audit Log tab and pressing the "Download" button. When complete, click "Cancel" to exit the "Properties" screen. If an external SYSLOG server is not configured or a local policy is not in place to store audit logs, this is a finding.

Fix Text

1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration. 2. Select the "Monitoring" tab. Enable "Log to External Syslog Servers" and configure an "External Syslog Server". 3. Enable the checkbox "Copy Audit Log Message to Syslog". 4. When complete, click "Save & Close" to save the changes and exit the "Properties" screen. 5. Perform a service restart if necessary. 6. Review Infoblox audit records on the remote SYSLOG server to validate operation.

Additional Identifiers

Rule ID: SV-233858r621666_rule

Vulnerability ID: V-233858

Group Title: SRG-APP-000125-DNS-000012

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001348

The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
AU-9 (2)

Audit Backup On Separate Physical Systems / Components