SSMC web server must initiate session logging upon start up.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-255268 | SSMC-WS-030040 | SV-255268r879562_rule | Medium |
| Description |
|---|
| An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missed and not available during a forensic investigation. To assure all loggable events are captured, the web server must begin logging once the first web server process is initiated. |
| STIG | Date |
|---|---|
| HPE 3PAR SSMC Web Server Security Technical Implementation Guide | 2023-05-17 |
Details
| Check Text ( C-58881r869971_chk ) |
|---|
| Verify that SSMC is configured to generate log records for system startup and shutdown, system access, and system authentication events. To do so, check if auditd facility (session_log) is enabled: 1. Log on as ssmcadmin to ssmc appliance via SSH. Press "X" to escape to general bash shell. 2. Execute the following command: $ sudo /ssmc/bin/config_security.sh -o session_log -a status Session log is enabled If the console output does not show the session log function as enabled, this is a finding. |
| Fix Text (F-58825r869972_fix) |
|---|
| Configure SSMC to generate log records for system startup and shutdown, system access, and system authentication events. To do so, enable auditd facility (session_log): 1. Log on to SSMC appliance as ssmcadmin. Press "X" to escape to general bash shell from the TUI menu. 2. Execute the following command to enable session logging: $ sudo /ssmc/bin/config_security.sh -o session_log -a enable |