UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

SSMC web server must initiate session logging upon start up.


Overview

Finding ID Version Rule ID IA Controls Severity
V-255268 SSMC-WS-030040 SV-255268r879562_rule Medium
Description
An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missed and not available during a forensic investigation. To assure all loggable events are captured, the web server must begin logging once the first web server process is initiated.
STIG Date
HPE 3PAR SSMC Web Server Security Technical Implementation Guide 2023-05-17

Details

Check Text ( C-58881r869971_chk )
Verify that SSMC is configured to generate log records for system startup and shutdown, system access, and system authentication events. To do so, check if auditd facility (session_log) is enabled:

1. Log on as ssmcadmin to ssmc appliance via SSH. Press "X" to escape to general bash shell.

2. Execute the following command:

$ sudo /ssmc/bin/config_security.sh -o session_log -a status
Session log is enabled

If the console output does not show the session log function as enabled, this is a finding.
Fix Text (F-58825r869972_fix)
Configure SSMC to generate log records for system startup and shutdown, system access, and system authentication events. To do so, enable auditd facility (session_log):

1. Log on to SSMC appliance as ssmcadmin. Press "X" to escape to general bash shell from the TUI menu.

2. Execute the following command to enable session logging:

$ sudo /ssmc/bin/config_security.sh -o session_log -a enable