The DNS server implementations audit records must be backed up at least every seven days onto a different system or system component than the system or component being audited.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-205167 | SRG-APP-000125 | SRG-APP-000125-DNS-000012 | SV-205167r960948_rule | 2024-07-02 | 4 |
| Description |
|---|
| Protection of log data includes assuring log data is not accidentally lost or deleted. Backing up audit records to a different system or onto separate media than the system being audited on a defined frequency helps to assure, in the event of a catastrophic system failure, the audit records will be retained. This helps to ensure a compromise of the information system being audited does not also result in a compromise of the audit records. This requirement only applies to applications that have a native backup capability for audit records. Operating system backup requirements cover applications that do not provide native backup functions. |
| ℹ️ Check |
|---|
| Review the DNS system configuration to determine if audit record content is sent to a centralized audit log repository, either directly by the DNS system or by the underlying O/S. If the DNS system is not configured to support centralized logging and auditing, this is a finding. |
| ✔️ Fix |
|---|
| Configure the DNS server or the underlying O/S to send audit log content to a centralized logging facility. |