5.3 Ensure that logging captures as much information as possible

Information

The SystemLog.quiet option stops logging of information such as:

connection events

authentication events

replication sync activities

evidence of some potentially impactful commands being run (eg: drop, dropIndexes, validate)

This information should be logged whenever possible. This check is only for Enterprise editions.

Rationale:

The use of SystemLog.quiet makes troubleshooting problems and investigating possible security incidents much more difficult.

Solution

Set SystemLog.quiet to false in the /etc/mongod.conf file to disable it.

systemLog:
quiet: false

See Also

https://workbench.cisecurity.org/files/3560