The HPE 3PAR OS must be configured to offload audit records onto a different system or media from the system being audited.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-255284 | HP3P-33-002052 | SV-255284r958754_rule | CCI-001851 | medium |
| Description |
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 |
| STIG | Date |
| HPE 3PAR StoreServ 3.3.x Security Technical Implementation Guide | 2024-08-27 |
Related Frameworks
2 paths across 2 frameworks
NIST 800-53 (1 mapping)
AU-4(1)
1.00
- DISA · V2R1 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
CCI (1 mapping)
CCI-001851
1.00
- DISA · V2R1 · disa_xccdf · related
Details
Check Text (C-255284r958754_chk)
Verify offloading of security syslog events with:
cli% showsys -d
Find the output section "Remote Syslog Status".
If "Active" is not "1", this is a finding.
If "Security Server" is not defined, this is a finding.
If "Security Connection" is not "TLS", this is a finding.
Fix Text (F-58901r870170_fix)
Configure the remote syslog host:
cli% setsys RemoteSyslogSecurityHost <hostname> <address-spec> [:port]
The hostname and address are both required. If both IPv4 and IPv6 addresses are supplied, the IPv6 address must be enclosed in []. The default port is 6514, using TLS.
Import the certificate of the CA that signed the syslog server's certificate:
cli% importcert syslog-sec-server -ca stdin
Copy and paste the PEM format of the appropriate CA as instructed.
Configure the system to utilize remote syslog:
cli% setsys RemoteSyslog 1