Nutanix AOS must produce audit records containing the individual identities of group account users.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-254177 | NUTX-OS-000750 | SV-254177r846619_rule | Medium |
| Description |
|---|
| Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information. At a minimum, the organization must audit the individual identities of group users. The organization must maintain audit trails in sufficient detail to reconstruct events to determine the actual account involved in the activity. |
| STIG | Date |
|---|---|
| Nutanix AOS 5.20.x OS Security Technical Implementation Guide | 2022-08-24 |
Details
| Check Text ( C-57662r846617_chk ) |
|---|
| Verify Nutanix AOS produces audit records containing information to establish when (date and time) the events occurred. Determine if auditing is active by issuing the following command: $ sudo systemctl is-active auditd.service active If the "auditd" status is not active, this is a finding. |
| Fix Text (F-57613r846618_fix) |
|---|
| Enable the auditd service to run automatically. $ sudo systemctl enable auditd |