Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
SSMC web server must initiate session logging upon start up.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-255268 | SSMC-WS-030040 | SV-255268r869973_rule | Medium |
| Description |
|---|
| An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missed and not available during a forensic investigation. To assure all loggable events are captured, the web server must begin logging once the first web server process is initiated. |
| STIG | Date |
|---|---|
| HPE 3PAR SSMC Web Server Security Technical Implementation Guide | 2022-10-13 |
Details
| Check Text ( C-58881r869971_chk ) |
|---|
| Verify that SSMC is configured to generate log records for system startup and shutdown, system access, and system authentication events. To do so, check if auditd facility (session_log) is enabled: 1. Log on as ssmcadmin to ssmc appliance via SSH. Press "X" to escape to general bash shell. 2. Execute the following command: $ sudo /ssmc/bin/config_security.sh -o session_log -a status Session log is enabled If the console output does not show the session log function as enabled, this is a finding. |
| Fix Text (F-58825r869972_fix) |
|---|
| Configure SSMC to generate log records for system startup and shutdown, system access, and system authentication events. To do so, enable auditd facility (session_log): 1. Log on to SSMC appliance as ssmcadmin. Press "X" to escape to general bash shell from the TUI menu. 2. Execute the following command to enable session logging: $ sudo /ssmc/bin/config_security.sh -o session_log -a enable |