STIGQter STIGQter: STIG Summary: IBM DataPower Network Device Management Security Technical Implementation Guide Version: 1 Release: 2 Benchmark Date: 24 Oct 2017:

The DataPower Gateway must allocate audit record storage capacity in accordance with organization-defined audit record storage requirements.

DISA Rule

SV-79633r1_rule

Vulnerability Number

V-65143

Group Title

SRG-APP-000357-NDM-000293

Rule Version

WSDP-NM-000095

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Development configuration (on-box logging):
Using the DataPower WebGUI, navigate to Objects >> Logging Configuration >> Audit Log Settings. Specify the desired Log Size, Number of Rotations, and audit level. Press Apply then Save Configuration. (Maximum available log space is approximately 50GB - less space consumed by other data on the device.)

Production configuration (off-box logging):
Using the DataPower WebGUI, navigate to Objects >> Logging Configuration >> Log Target. On the main tab, choose a Target Type, e.g., syslog-tcp, and a Log Format. Specify the remote host and port of the logging server. Enter other parameters according to your requirements, e.g., SSL security.

On the Event Subscriptions tab, add an Event Subscription. Select "audit" as the Event Category. Select a minimum Event Priority, e.g., "error. Click "Apply" >> Click "Apply" >> Click "Save Configuration". Confirm that the status of the log target is displayed as [up] alongside the Log Target heading at the top of the page.

Check Contents

Development configuration (on-box logging): Using the DataPower web interface, navigate to Objects >> Logging Configuration >> Audit Log Settings. Verify that the desired Log Size, Number of Rotations has resulted in "[up]" status displayed after the "Audit Log Settings" heading at the top of page. In the WebGUI, navigate to Status >> View Logs >> System Logs. Ensure the following event message is not displayed: 0x82400067 Audit log space low - using audit reserve space.

If this message appears, it is a finding.

Production configuration (off-box logging)
Using the DataPower WebGUI, navigate to Objects >> Logging Configuration >> Log Target. On the main tab, verify that the correct Target Type and Log Format are selected. Confirm that the remote host and port of an organizationally approved logging server are designated. Confirm that all additional parameters are chosen according to your requirements. Confirm that the status of the log target is displayed as [up] alongside the Log Target heading at the top of the page.

If the status is not up, this is a finding.

Vulnerability Number

V-65143

Documentable

False

Rule Version

WSDP-NM-000095

Severity Override Guidance

Development configuration (on-box logging): Using the DataPower web interface, navigate to Objects >> Logging Configuration >> Audit Log Settings. Verify that the desired Log Size, Number of Rotations has resulted in "[up]" status displayed after the "Audit Log Settings" heading at the top of page. In the WebGUI, navigate to Status >> View Logs >> System Logs. Ensure the following event message is not displayed: 0x82400067 Audit log space low - using audit reserve space.

If this message appears, it is a finding.

Production configuration (off-box logging)
Using the DataPower WebGUI, navigate to Objects >> Logging Configuration >> Log Target. On the main tab, verify that the correct Target Type and Log Format are selected. Confirm that the remote host and port of an organizationally approved logging server are designated. Confirm that all additional parameters are chosen according to your requirements. Confirm that the status of the log target is displayed as [up] alongside the Log Target heading at the top of the page.

If the status is not up, this is a finding.

Check Content Reference

M

Target Key

2861

Comments