STIGQter: STIG Summary: vRealize - Cassandra Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017

The Cassandra database log configuration file must set internode encryption.

DISA Rule

SV-87293r1_rule

Vulnerability Number

V-72661

Group Title

SRG-APP-000172-DB-000075

Rule Version

VROM-CS-000140

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure encryption for transmission of passwords across the network. If the database does not provide encryption for logon events natively, employ encryption at the OS or network level.

At the command line execute the following command:

# sed -i 's/^.*\binternode_encryption:.*$/internode_encryption: all/' /usr/lib/vmware-vcops/user/conf/cassandra/cassandra.yaml

Check Contents

Review configuration settings for encrypting passwords in transit across the network. If passwords are not encrypted, this is a finding.

At the command prompt, execute the following command:

# grep '^\s*internode_encryption:' /usr/lib/vmware-vcops/user/conf/cassandra/cassandra.yaml

If the line below is returned, this is a finding:
internode_encryption: all
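
The fix and check above, written as reusable shell functions; this is an added example, not part of the STIG text. It treats `all`, the value the Fix Recommendation writes, as the expected setting, and unlike the one-line sed it keeps the line's indentation and skips commented lines. The function names and the sample file layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Pass the file to inspect as the first argument of each function,
# e.g. /usr/lib/vmware-vcops/user/conf/cassandra/cassandra.yaml on the appliance.

# Print the value of every active (uncommented) internode_encryption line.
internode_encryption_values() {
    sed -n 's/^[[:space:]]*internode_encryption:[[:space:]]*\([^#[:space:]]*\).*$/\1/p' "$1"
}

# Succeed only if there is exactly one active setting and its value is "all".
internode_encryption_is_all() {
    values=$(internode_encryption_values "$1")
    [ "$values" = "all" ]
}

# Rewrite the active line to "all", keeping its indentation so the key stays
# nested where it was; commented lines are left alone. Edits the file in place.
set_internode_encryption_all() {
    tmp=$(mktemp) || return 1
    sed 's/^\([[:space:]]*\)internode_encryption:.*$/\1internode_encryption: all/' "$1" > "$tmp" \
        && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample, not the real vROps file. The nesting under
# server_encryption_options is an assumption modelled on stock Apache Cassandra.
make_sample() {
    printf '%s\n' \
        '# internode_encryption: all | none | dc | rack' \
        'server_encryption_options:' \
        '    internode_encryption: none' \
        '    keystore: conf/.keystore' > "$1"
}

# Demo on the constructed sample: report the state before and after the fix.
demo() {
    f=$(mktemp) || return 1
    make_sample "$f"
    internode_encryption_is_all "$f" && echo "before: all" || echo "before: $(internode_encryption_values "$f")"
    set_internode_encryption_all "$f"
    internode_encryption_is_all "$f" && echo "after: all" || echo "after: not all"
    rm -f "$f"
}

# Run the demo only when invoked as: sh <script> --demo
if [ "${1:-}" = "--demo" ]; then demo; fi
```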

Documentable

False

Check Content Reference

M

Target Key

3179
