STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must audit the execution of privileged functions.

DISA Rule

SV-79629r1_rule

Vulnerability Number

V-65139

Group Title

SRG-APP-000343-NDM-000289

Rule Version

WSDP-NM-000091

Severity

CAT II

CCI(s)

• CCI-002234 - The information system audits the execution of privileged functions.

Weight

10

Fix Recommendation

The DataPower device logs the execution of all privileged functions.

The DataPower Audit log is enabled by default. To configure this log, go to the WebGUI at Objects >> Logging Configuration >> Audit Log Settings. Set the Administrative state to "enable". Specify the desired Log Size, Number of Rotations. Set the Audit Level to "full" (the default setting). The result of this configuration must be that the status displayed alongside the "Audit Log Settings" heading is "[up]".

Check Contents

Using the WebGUI, go to Objects >> Logging Configuration >> Audit Log Settings. Confirm that the Administrative state is "enabled" and that the status displayed alongside the "Audit Log Settings" heading is "[up]".

As a final test, execute a privileged function and confirm that an entry appears in the audit log. Using the WebGUI, go to Administration >> Access >> New User Account. Click "No". Select "Developer". Click Next. Enter "TestDeveloper" as the name and enter a password. Click Next. Click Commit. Click Done.

Now view the Audit log by using the WebGUI to got to Status >> View Logs >> Audit Log. Scroll to the bottom of the log and confirm that you see the following entry: "user 'TestDeveloper' - Configuration added".

If this event message does not appear in the audit log, this is a finding.

Vulnerability Number

V-65139

Documentable

False

Rule Version

WSDP-NM-000091

Severity Override Guidance

Using the WebGUI, go to Objects >> Logging Configuration >> Audit Log Settings. Confirm that the Administrative state is "enabled" and that the status displayed alongside the "Audit Log Settings" heading is "[up]".

As a final test, execute a privileged function and confirm that an entry appears in the audit log. Using the WebGUI, go to Administration >> Access >> New User Account. Click "No". Select "Developer". Click Next. Enter "TestDeveloper" as the name and enter a password. Click Next. Click Commit. Click Done.

Now view the Audit log by using the WebGUI to got to Status >> View Logs >> Audit Log. Scroll to the bottom of the log and confirm that you see the following entry: "user 'TestDeveloper' - Configuration added".

If this event message does not appear in the audit log, this is a finding.

Check Content Reference

M

Target Key

2861

Comments