STIGQter: STIG Summary: Infoblox 8.x DNS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Jan 2021:

In the event of a system failure, the Infoblox system must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to mission processes.

DISA Rule

SV-233920r621666_rule

Vulnerability Number

V-233920

Group Title

SRG-APP-000226-DNS-000032

Rule Version

IDNS-8X-700015

Severity

CAT II

CCI(s)

• CCI-001665 - The information system preserves organization-defined system state information in the event of a system failure.

Weight

10

Fix Recommendation

1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration.
2. Select the "Monitoring" tab.
3. Enable "Log to External Syslog Server" and configure at least one External Syslog Server.
4. Enable the option "Copy Audit Log Message to Syslog".
5. Click "Save & Close" to save the changes and exit the "Properties" screen.
6. Perform a service restart if necessary.

Check Contents

By default, all system events are logged to the local SYSLOG and stored on the Infoblox appliance. To ensure log data is preserved in the event of system failure, an external log server must be configured. Verify that external logging is operational and messages from the Audit log are also forwarded to the remote log system.

1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration.
2. Select the "Monitoring" tab.
3. Validate that "Log to External Syslog Servers" is enabled and an External Syslog Server must be configured.
4. Validate "Copy Audit Log Message to Syslog" is enabled.
5. When complete, click "Cancel" to exit the "Properties" screen.

If both "Log to External Syslog Servers" and "Copy Audit Log Message to Syslog" are not enabled, this is a finding.

Vulnerability Number

V-233920

Documentable

False

Rule Version

IDNS-8X-700015

Severity Override Guidance

By default, all system events are logged to the local SYSLOG and stored on the Infoblox appliance. To ensure log data is preserved in the event of system failure, an external log server must be configured. Verify that external logging is operational and messages from the Audit log are also forwarded to the remote log system.

1. Navigate to Grid >> Grid Manager >> Grid Properties, or System >> System Manager >> System Properties if using a stand-alone configuration.
2. Select the "Monitoring" tab.
3. Validate that "Log to External Syslog Servers" is enabled and an External Syslog Server must be configured.
4. Validate "Copy Audit Log Message to Syslog" is enabled.
5. When complete, click "Cancel" to exit the "Properties" screen.

If both "Log to External Syslog Servers" and "Copy Audit Log Message to Syslog" are not enabled, this is a finding.

Check Content Reference

M

Target Key

5251

Comments