Nutanix UI must initiate session logging upon startup.

Severity: medium
Group ID: V-279464
Group Title: SRG-APP-000092-AS-000053
Version: NXAC-AS-000067
Rule ID: SV-279464r1192371_rule
Date: 2026-02-24
STIG Version: 1

Description

An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missing and not available during a forensic investigation. To ensure all loggable events are captured, the web server must begin logging once the first web server process is initiated.

ℹ️ Check

Verify Prism Element enables logging upon startup of Envoy proxy services by running the following command:

    $ ps -ef | grep ikat_proxy.out
    nutanix 68158 1 0 Oct10 ? 00:00:00 /bin/bash -lc /home/nutanix/bin/service_monitor --run_as_user=apache /home/nutanix/data/logs/ikat_proxy.FATAL -- /usr/local/nutanix/ikat_proxy/bin/envoy -c /home/nutanix/config/ikat_proxy/envoy.yaml --disable-hot-restart --concurrency 4 |& /home/nutanix/bin/logpipe -o /home/nutanix/data/logs/ikat_proxy.out
    nutanix 68376 68158 0 Oct10 ? 00:00:01 /home/nutanix/bin/logpipe -o /home/nutanix/data/logs/ikat_proxy.out

If the output of "ikat_proxy.out" does not list the path as "/home/nutanix/data/logs/ikat_proxy.out", or if there is no output, this is a finding.
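A scripted form of this check, as an added example that is not part of the STIG text or of Nutanix tooling. It excludes the grep process, which otherwise matches its own argument and hides the "no output" case. The function name check_ikat_logging and the sample lines are constructed, and the parent/child test is an assumption that is stricter than the STIG wording.

```shell
#!/bin/sh
# Added example: scripted form of the manual check; reads `ps -ef` text on stdin.
EXPECTED_LOG="/home/nutanix/data/logs/ikat_proxy.out"   # path taken from the check text

# Hypothetical helper name. Prints "not a finding" (status 0) or "finding: ..." (status 1).
check_ikat_logging() {
    awk -v log_path="$EXPECTED_LOG" '
        $8 ~ /(^|\/)grep$/ { next }   # skip the grep process that matches its own argument
        {
            # Look for "<...>/logpipe -o <log_path>" anywhere in the command (field 8 onward).
            for (i = 8; i <= NF - 2; i++) {
                if ($i !~ /\/logpipe$/ || $(i+1) != "-o" || $(i+2) != log_path) { continue }
                if (i == 8) { writer_parent[$3] = 1 }            # logpipe itself: remember PPID
                else if ($0 ~ /\/envoy /) { wrapper[$2] = 1 }    # Envoy launch shell: remember PID
            }
        }
        END {
            for (pid in wrapper) {
                have_wrapper = 1
                if (pid in writer_parent) { paired = 1 }
            }
            if (!have_wrapper) {
                print "finding: no Envoy launch command pipes into logpipe -o " log_path
                exit 1
            }
            # Stricter than the STIG wording (assumption): logpipe must be a child of that shell.
            if (!paired) {
                print "finding: no logpipe child of the Envoy launch shell writes " log_path
                exit 1
            }
            print "not a finding"
        }'
}

# Constructed sample input, modelled on the output shown in the check text plus a grep line.
SAMPLE_OK='nutanix 68158 1 0 Oct10 ? 00:00:00 /bin/bash -lc /home/nutanix/bin/service_monitor --run_as_user=apache /home/nutanix/data/logs/ikat_proxy.FATAL -- /usr/local/nutanix/ikat_proxy/bin/envoy -c /home/nutanix/config/ikat_proxy/envoy.yaml --disable-hot-restart --concurrency 4 |& /home/nutanix/bin/logpipe -o /home/nutanix/data/logs/ikat_proxy.out
nutanix 68376 68158 0 Oct10 ? 00:00:01 /home/nutanix/bin/logpipe -o /home/nutanix/data/logs/ikat_proxy.out
nutanix 70001 69000 0 10:15 pts/0 00:00:00 grep ikat_proxy.out'

printf '%s\n' "$SAMPLE_OK" | check_ikat_logging
```

On the system under review, define the function and run `ps -ef | check_ikat_logging`; the exit status can feed a compliance scan directly.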

✔️ Fix

By default, Prism Element is configured for the Envoy proxy services with a logging level of "info". If this control is a finding, then some corruption has occurred and the VM must be rebuilt.