Details
Organizations are required to use a central log management system, so, under normal conditions, the audit space allocated to MongoDB on its own server will not be an issue. However, space will still be required on MongoDB server for audit records in transit, and, under abnormal conditions, this could fill up. Since a requirement exists to halt processing upon audit failure, a service outage would result.
If support personnel are not notified immediately upon storage volume utilization reaching 75%, they are unable to plan for storage capacity expansion.
The appropriate support staff include, at a minimum, the ISSO and the DBA/SA.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
View the mongodb configuration file (default location: /etc/mongod.conf) and view the ‘auditlog.path’ to identify the storage volume.
Install MongoDB Ops Manager or other organization approved monitoring software.
Configure the required alert in the monitoring software to send an alert where storage volume holding the auditLog file utilization reaches 75%.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.
References
- 800-53|AU-5(1)
- CAT|II
- CCI|CCI-001855
- Rule-ID|SV-96621r1_rule
- STIG-ID|MD3X-00-000630
- Vuln-ID|V-81907