Trend Deep Security must initiate session auditing upon startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-65881 | TMDS-00-000075 | SV-80371r1_rule | Medium |
| Description |
|---|
| If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created. |
| STIG | Date |
|---|---|
| Trend Micro Deep Security 9.x Security Technical Implementation Guide | 2016-02-26 |
Details
| Check Text ( C-66529r1_chk ) |
|---|
| Review the Trend Deep Security server to ensure session auditing upon startup is initiated. Verify the following events within the Administration >> System Settings >> System Events, are set to “Record.” 600 User Signed In 601 User Signed Out 602 User Timed Out 603 User Locked Out 608 User Session Validation Failed 610 User Session Validated If these settings are not set to “Record”, this is a finding. |
| Fix Text (F-71957r1_fix) |
|---|
| Configure the Trend Deep Security server to initiate session auditing upon startup. Go to Administration >> System Settings >> System Events, and set the following settings to “Record.” 600 User Signed In 601 User Signed Out 602 User Timed Out 603 User Locked Out 608 User Session Validation Failed 610 User Session Validated |