The RUCKUS ICX device must initiate session auditing upon startup.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-273788 | RCKS-NDM-000180 | SV-273788r1110839_rule | CCI-001464 | medium |
| Description | ||||
| If auditing is enabled late in the startup process, the actions of some start-up processes may not be audited. Some audit systems also maintain state information only available if auditing is enabled before a given process is created. Satisfies: SRG-APP-000092-NDM-000224, SRG-APP-000026-NDM-000208, SRG-APP-000027-NDM-000209, SRG-APP-000028-NDM-000210, SRG-APP-000029-NDM-000211, SRG-APP-000080-NDM-000220, SRG-APP-000091-NDM-000223, SRG-APP-000095-NDM-000225, SRG-APP-000096-NDM-000226, SRG-APP-000097-NDM-000227, SRG-APP-000098-NDM-000228, SRG-APP-000099-NDM-000229, SRG-APP-000100-NDM-000230, SRG-APP-000319-NDM-000283, SRG-APP-000343-NDM-000289, SRG-APP-000381-NDM-000305, SRG-APP-000495-NDM-000318, SRG-APP-000499-NDM-000319, SRG-APP-000503-NDM-000320, SRG-APP-000504-NDM-000321, SRG-APP-000505-NDM-000322, SRG-APP-000506-NDM-000323, SRG-APP-000516-NDM-000334 | ||||
| STIG | Date | |||
| RUCKUS ICX NDM Security Technical Implementation Guide | 2025-05-28 | |||
Details
Check Text (C-273788r1110839_chk)
Verify that logging is enabled:
SSH@ICX(config)# show running-config | include logging
logging console
logging persistence
logging cli-command
logging host x.x.x.x
logging host y.y.y.y
If "no logging on" exists, this is a finding.
Fix Text (F-77784r1110544_fix)
Enable logging:
SSH@ICX(config)# logging on
SSH@ICX(config)# exit
SSH@ICX# write memory