Detections
Analytics
MD3X-00-000040 - MongoDB must provide audit record generation for DoD-defined auditable events within all DBMS/database components.
Warning! Audit Deprecated
This audit has been deprecated and will be removed in a future update.
View Next Audit VersionInformation
MongoDB must provide audit record generation capability for DoD-defined auditable events within all DBMS/database components.Satisfies: SRG-APP-000089-DB-000064, SRG-APP-000080-DB-000063, SRG-APP-000090-DB-000065, SRG-APP-000091-DB-000066, SRG-APP-000091-DB-000325, SRG-APP-000092-DB-000208, SRG-APP-000093-DB-000052, SRG-APP-000095-DB-000039, SRG-APP-000096-DB-000040, SRG-APP-000097-DB-000041, SRG-APP-000098-DB-000042, SRG-APP-000099-DB-000043, SRG-APP-000100-DB-000201, SRG-APP-000101-DB-000044, SRG-APP-000109-DB-000049, SRG-APP-000356-DB-000315, SRG-APP-000360-DB-000320, SRG-APP-000381-DB-000361, SRG-APP-000492-DB-000332, SRG-APP-000492-DB-000333, SRG-APP-000494-DB-000344, SRG-APP-000494-DB-000345, SRG-APP-000495-DB-000326, SRG-APP-000495-DB-000327, SRG-APP-000495-DB-000328, SRG-APP-000495-DB-000329, SRG-APP-000496-DB-000334, SRG-APP-000496-DB-000335, SRG-APP-000498-DB-000346, SRG-APP-000498-DB-000347, SRG-APP-000499-DB-000330, SRG-APP-000499-DB-000331, SRG-APP-000501-DB-000336, SRG-APP-000501-DB-000337, SRG-APP-000502-DB-000348, SRG-APP-000502-DB-000349, SRG-APP-000503-DB-000350, SRG-APP-000503-DB-000351, SRG-APP-000504-DB-000354, SRG-APP-000504-DB-000355, SRG-APP-000505-DB-000352, SRG-APP-000506-DB-000353, SRG-APP-000507-DB-000356, SRG-APP-000507-DB-000357, SRG-APP-000508-DB-000358, SRG-APP-000515-DB-000318
Solution
If the 'auditLog' setting was not present in the MongoDB configuration file (default location: '/etc/mongod.conf)' edit this file and add a configured 'auditLog' setting:auditLog:
destination: syslog
Stop/start (restart) the mongod or mongos instance using this configuration.
If the 'auditLog' setting was present and contained a 'filter:' parameter, ensure the 'filter:' expression does not prevent the auditing of events that should be audited or remove the 'filter:' parameter to enable auditing all events.
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_MDB_Enterprise_Advanced_3-x_V1R2_STIG.zip
Item Details
Audit Name: DISA STIG MongoDB Enterprise Advanced 3.x v1r2
Category: AUDIT AND ACCOUNTABILITY
References: 800-53|AU-12, CAT|II, CCI|CCI-000130, CCI|CCI-000131, CCI|CCI-000132, CCI|CCI-000133, CCI|CCI-000134, CCI|CCI-000135, CCI|CCI-000140, CCI|CCI-000166, CCI|CCI-000171, CCI|CCI-000172, CCI|CCI-001462, CCI|CCI-001464, CCI|CCI-001487, CCI|CCI-001814, CCI|CCI-001844, CCI|CCI-001851, CCI|CCI-001858, Rule-ID|SV-96561r1_rule, STIG-ID|MD3X-00-000040, Vuln-ID|V-81847
Plugin: Unix
Control ID: 561a84d8bd339daf39c58e6dda298aaf7a7036fa31f9c3d0bb58b314818afc4f