STIGQter: STIG Summary: vRealize - Cassandra Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017

When invalid inputs are received, the Cassandra Server must behave in a predictable and documented manner that reflects organizational and system objectives.

DISA Rule

SV-87321r1_rule

Vulnerability Number

V-72689

Group Title

SRG-APP-000447-DB-000393

Rule Version

VROM-CS-000250

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Cassandra Server to behave in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

Modify tables by adding constraints (CREATE TRIGGER IF NOT EXISTS <trigger_name> ON <table name>, where the trigger fires the validation event).

Open a console on the server that hosts the Cassandra DB and type: "find / | grep "logback.xml"". Open the "logback.xml" file and set the "level" parameter value under <root /> to "ALL".

Check Contents

Review the Cassandra Server to ensure that it behaves in a predictable and documented manner that reflects organizational and system objectives when invalid inputs are received.

Open the "cqlsh" prompt in the Cassandra Server and type "DESCRIBE KEYSPACES;". Type "DESCRIBE <keyspace name>" for all the keyspace names that have been displayed as output for the first command. Review keyspaces content.

Open the console to the server that Cassandra DB is hosted at and type: "find / | grep "logback.xml"". Open "logback.xml" file and review "level" parameter value under <root />.

If level is not set to "ALL", this is a finding.
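
The logback.xml part of this check can be scripted. The following is an added example, not part of the STIG or of any vendor tooling; the function names are hypothetical and the sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not part of the STIG): audit the <root> level in logback.xml.

# Print the level attribute of the <root> element; empty if none is found.
root_level() {
    # Flatten the file, cut out <!-- ... --> comments so a commented-out
    # <root> is ignored, then extract level="..." from the live <root> tag.
    tr '\n' ' ' < "$1" | sed 's/-->/\
/g' | sed 's/<!--.*//' | tr '\n' ' ' |
        sed -n 's/.*<root[^>]*[[:space:]]level="\([^"]*\)".*/\1/p'
}

# Return 0 when the root level is ALL, 1 (a finding) otherwise.
# logback matches level names case-insensitively, so "all" also passes.
check_root_level() {
    level=$(root_level "$1" | tr '[:lower:]' '[:upper:]')
    if [ "$level" = "ALL" ]; then
        echo "OK      $1 (root level=$level)"
        return 0
    fi
    echo "FINDING $1 (root level=${level:-unset})"
    return 1
}

# Check every logback.xml below a directory; non-zero if any is a finding.
scan_tree() {
    find "$1" -type f -name logback.xml 2>/dev/null | (
        rc=0
        while IFS= read -r f; do
            check_root_level "$f" || rc=1
        done
        exit "$rc"
    )
}

# Constructed sample: the live <root> is INFO; the ALL one is commented out.
demo=$(mktemp -d)
cat > "$demo/logback.xml" <<'EOF'
<configuration>
  <!-- <root level="ALL"> <appender-ref ref="FILE" /> </root> -->
  <root level="INFO">
    <appender-ref ref="FILE" />
  </root>
</configuration>
EOF
scan_tree "$demo"    # reports a FINDING for the sample file
rm -rf "$demo"
```

On a real host, call scan_tree with the filesystem root or the Cassandra configuration directory instead of the sample directory.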

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

3179
