The Google Search Appliance must be capable of taking organization-defined actions upon audit failure (e.g., overwrite oldest audit records, stop generating audit records, cease processing, notify of audit failure).

From Google Search Appliance Security Technical Implementation Guide

Associated with: CCI-000140

SV-75203r1_rule The Google Search Appliance must be capable of taking organization-defined actions upon audit failure (e.g., overwrite oldest audit records, stop generating audit records, cease processing, notify of audit failure).

Vulnerability discussion

It is critical when a system is at risk of failing to process audit logs as required; it detects and takes action to mitigate the failure. Audit processing failures include: software/hardware errors, failures in the audit capturing mechanisms, and audit storage capacity being reached or exceeded. Applications are required to be capable of either directly performing or calling system level functionality performing defined actions upon detection of an application audit log processing failure.

Check content

Open the GSA Web Admin Console at https::8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". If valid email addresses are entered, this is not a finding.

Fix text

Open the GSA Web Admin Console at https::8443. Login to the GSA management interface. Navigate to "Administration", select "System Settings". Enter valid email addresses that the audit failures need to be sent to be reviewed.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.