Check: TMDS-00-000075
Trend Micro Deep Security 9.x STIG:
TMDS-00-000075
(in versions v2 r1 through v1 r1)
Title
Trend Deep Security must initiate session auditing upon startup. (Cat II impact)
Discussion
If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created.
Check Content
Review the Trend Deep Security server to ensure session auditing upon startup is initiated. Verify the following events within the Administration >> System Settings >> System Events, are set to “Record.” 600 User Signed In 601 User Signed Out 602 User Timed Out 603 User Locked Out 608 User Session Validation Failed 610 User Session Validated If these settings are not set to “Record”, this is a finding.
Fix Text
Configure the Trend Deep Security server to initiate session auditing upon startup. Go to Administration >> System Settings >> System Events, and set the following settings to “Record.” 600 User Signed In 601 User Signed Out 602 User Timed Out 603 User Locked Out 608 User Session Validation Failed 610 User Session Validated
Additional Identifiers
Rule ID: SV-241122r879562_rule
Vulnerability ID: V-241122
Group Title: SRG-APP-000092
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001464 |
The information system initiates session audits at system start-up. |
Controls
Number | Title |
---|---|
AU-14 (1) |
System Start-Up |