Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-72627 | VROM-CS-000020 | SV-87259r1_rule | Medium |
Description |
---|
Under some circumstances, it may be useful to monitor who/what is reading privilege/permission/role information. Therefore, it must be possible to configure auditing to do this. DBMSs typically make such information available through views or functions. This requirement addresses explicit requests for privilege/permission/role membership information. It does not refer to the implicit retrieval of privileges/permissions/role memberships that the DBMS continually performs to determine if any and every action on the database is permitted. |
STIG | Date |
---|---|
vRealize - Cassandra Security Technical Implementation Guide | 2017-06-06 |
Check Text ( C-72781r1_chk ) |
---|
Review the Cassandra Server settings to ensure that audit records can be produced when privileges/permissions/role memberships are retrieved. At the command prompt, execute the following command: # grep ' If level is not set to "ALL", this is a finding. |
Fix Text (F-79029r1_fix) |
---|
Configure the Cassandra Server to produce audit records when privileges/permissions/role memberships are retrieved. At the command line execute the following command: # sed -i 's/^\(\s*\) |