Nutanix UI must initiate session logging upon startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-279464 | NXAC-AS-000067 | SV-279464r1192371_rule | CCI-001464 | medium |
| Description | ||||
| An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missing and not available during a forensic investigation. To ensure all loggable events are captured, the web server must begin logging once the first web server process is initiated. | ||||
| STIG | Date | |||
| Nutanix Acropolis Application Server Security Technical Implementation Guide | 2026-02-24 | |||
Details
Check Text (C-279464r1192371_chk)
Verify Prism Element enables logging upon startup of Envoy proxy services by running the following command:
$ ps -ef | grep ikat_proxy.out
nutanix 68158 1 0 Oct10 ? 00:00:00 /bin/bash -lc /home/nutanix/bin/service_monitor --run_as_user=apache /home/nutanix/data/logs/ikat_proxy.FATAL -- /usr/local/nutanix/ikat_proxy/bin/envoy -c /home/nutanix/config/ikat_proxy/envoy.yaml --disable-hot-restart --concurrency 4 |& /home/nutanix/bin/logpipe -o /home/nutanix/data/logs/ikat_proxy.out
nutanix 68376 68158 0 Oct10 ? 00:00:01 /home/nutanix/bin/logpipe -o /home/nutanix/data/logs/ikat_proxy.out
If the output of "ikat_proxy.out" does not list the path as "/home/nutanix/data/logs/ikat_proxy.out", or if there is no output, this is a finding.
Fix Text (F-83922r1192370_fix)
Prism Element is configured by default for the Envoy proxy services with logging level of "info". If this control is a finding, then some corruption has occurred and the VM must be rebuilt.