STIGQter STIGQter: STIG Summary: vRealize - Cassandra Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 05 Jun 2017: The Cassandra Server must off-load audit data to a separate log management facility; this must be continuous and in near real time for systems with a network connection to the storage facility and weekly or more often for stand-alone systems.

DISA Rule

SV-87365r1_rule

Vulnerability Number

V-72733

Group Title

SRG-APP-000515-DB-000318

Rule Version

VROM-CS-000390

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the Cassandra Server to off-load audit data to a separate log management facility.

Navigate to and open /usr/lib/vmware-vcops/user/conf/cassandra/logback.xml.

Navigate to the <configuration> node.

Add the following <appender> node to the <configuration> node.

<appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
<syslogHost>syslogServerHostName</syslogHost>
<facility>AUTH</facility>
<suffixPattern>%-5level [%thread] %date{ISO8601, UTC} %F:%L - %msg%n </suffixPattern>
</appender>

Navigate to the <root> node.

Add the following to the <root> node.
<appender-ref ref="SYSLOG" />

Check Contents

Review the Cassandra Server to ensure audit data is off-loaded to a separate log management facility.

At the command prompt, execute the following command:

# grep SyslogAppender /usr/lib/vmware-vcops/user/conf/cassandra/logback.xml

If level is not set to "ALL", this is a finding.

Vulnerability Number

V-72733

Documentable

False

Rule Version

VROM-CS-000390

Severity Override Guidance

Review the Cassandra Server to ensure audit data is off-loaded to a separate log management facility.

At the command prompt, execute the following command:

# grep SyslogAppender /usr/lib/vmware-vcops/user/conf/cassandra/logback.xml

If level is not set to "ALL", this is a finding.

Check Content Reference

M

Target Key

3179

Comments