Check: RD6X-00-005700
Redis Enterprise 6.x STIG: RD6X-00-005700 (in versions v1 r3 through v1 r1)
Title
Redis Enterprise DBMS must provide a warning to appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity. (Cat II impact)
Discussion
Organizations are required to use a central log management system, so under normal conditions, the audit space allocated to the DBMS on its own server will not be an issue. However, space will still be required on the DBMS server for audit records in transit, and, under abnormal conditions, this could fill up. Since a requirement exists to halt processing upon audit failure, a service outage would result. If support personnel are not notified immediately upon storage volume utilization reaching 75 percent, they are unable to plan for storage capacity expansion. The appropriate support staff include, at a minimum, the ISSO and the DBA/SA.
Check Content
To verify that Redis Enterprise has been configured to notify appropriate support staff when allocated audit record storage volume reaches 75 percent of maximum audit record storage capacity:

1. Log in to the Redis Enterprise UI as a user with the Admin role.
2. Navigate to the Settings tab and then to Alerts.
3. Verify that the appropriate Alerts are enabled to notify support staff when storage volume reaches 75 percent.
4. Navigate to the General subtab and scroll down to verify that an email server is set up to send out alert notifications.
5. Lastly, navigate to the Access Control tab and verify that the appropriate users listed are configured to receive alert notifications.

To view on a specific database:

1. Navigate to the Databases tab on the UI.
2. Select the Databases from the list and then select configuration.
3. Scroll down to view the Alert settings.

Also verify that the RHEL server OS is STIG compliant to notify support staff when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.

If appropriate support staff are not notified immediately upon storage volume utilization reaching 75 percent, this is a finding.
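The check also asks that the RHEL host itself warns at 75 percent. The following shell function is an added example, not part of the STIG text, that reviews an auditd.conf file for that behaviour. It assumes the host uses auditd and that the OS requirement is met with `space_left = 25%` and `space_left_action = email`; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: review auditd.conf for the 75 percent audit storage warning.
# Assumption: the RHEL host uses auditd; space_left and space_left_action
# are the auditd.conf keys that control the low-space warning.

# Print the value of KEY from an auditd.conf-style FILE (last match wins).
conf_value() {
    awk -F= -v key="$1" '
        /^[ \t]*#/ { next }
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (tolower(k) == key) val = tolower(v)
        }
        END { print val }' "$2"
}

# Return 0 if a warning fires at 75 percent used (25 percent or more left)
# and is emailed; 1 on a finding; 2 if space_left needs manual review.
check_audit_warning() {
    left=$(conf_value space_left "$1")
    action=$(conf_value space_left_action "$1")
    case "$left" in
        *%) pct=${left%\%} ;;
        '') echo "finding: space_left not set"; return 1 ;;
        *)  echo "review: space_left=$left is in MB; compare with partition size"; return 2 ;;
    esac
    case "$pct" in ''|*[!0-9]*) echo "finding: bad space_left=$left"; return 1 ;; esac
    if [ "$pct" -lt 25 ]; then
        echo "finding: space_left=$left warns later than 75 percent used"; return 1
    fi
    if [ "$action" != "email" ]; then
        echo "finding: space_left_action=${action:-unset} does not notify staff"; return 1
    fi
    echo "ok: warning emailed at $((100 - pct)) percent used"
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'log_file = /var/log/audit/audit.log' \
    'space_left = 25%' 'space_left_action = email' 'action_mail_acct = root' > "$sample"
check_audit_warning "$sample"
rm -f "$sample"
```

On a real host, pass the path of the auditd configuration file to `check_audit_warning`; a return code of 2 means the threshold is given in megabytes and has to be compared with the audit partition size by hand.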
Fix Text
To configure cluster alerts:

1. Log in to the Redis Enterprise AdminUI (repeat this step for the following sections as well).
2. Navigate to settings >> alerts.

Alerts may be enabled for node or cluster events, such as high memory usage or throughput. Configurable alerts may be displayed as follows:

- As a warning icon for the node and cluster
- In the logs
- In email notifications, if email alerts are configured

Note: If alerts are enabled for "Node joined" or "Node removed" actions, "Receive email alerts" must also be enabled so the notifications are sent.

To enable alerts for a cluster: In settings >> alerts, select the desired alerts to show for the cluster and click "Save".

Database alerts: For each database, alerts may be enabled for database events, such as high memory usage or throughput. Configured alerts are shown:

- As a warning icon (Warning) for the database
- In the log
- In emails, if email alerts are configured

To enable alerts for a database:

1. In configuration for each database, click show advanced options to view and select the database alerts.
2. Click "Update".

To send cluster or database alerts by email:

1. Log in to the Redis Enterprise UI.
2. Navigate to settings >> alerts, then select Receive email alerts at the bottom of the page.
3. Configure the email server settings.
4. In access control, select for each user the database and cluster alerts that are to be received by the user.
Additional Identifiers
Rule ID: SV-251197r879732_rule
Vulnerability ID: V-251197
Group Title: SRG-APP-000359-DB-000319
CCIs
Number | Definition |
---|---|
CCI-001855 | The information system provides a warning to organization-defined personnel, roles, and/or locations within an organization-defined time period when allocated audit record storage volume reaches an organization-defined percentage of repository maximum audit record storage capacity. |
Controls
Number | Title |
---|---|
AU-5 (1) | Audit Storage Capacity |