Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-240748 | VRAU-TC-000125 | SV-240748r879562_rule | Medium |
Description |
---|
An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missed and not available during a forensic investigation. To assure all logable events are captured, the web server must begin logging once the first web server process is initiated. During start, tc Server reports system messages onto STDOUT and STDERR. These messages will be logged if the initialization script is configured correctly. For historical reasons, the standard log file for this is called catalina.out. |
STIG | Date |
---|---|
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide | 2023-10-03 |
Check Text ( C-43981r674409_chk ) |
---|
At the command prompt, execute the following command: more /usr/share/tomcat/bin/catalina.sh Type /touch "$CATALINA_OUT" Verify that the start command contains the command ">> "$CATALINA_OUT" 2>&1 "&"" If the command is not correct or is missing, this is a finding. Note: Use the "Enter" key to scroll down after typing /touch "$CATALINA_OUT" |
Fix Text (F-43940r673987_fix) |
---|
Navigate to and open Navigate to and open /usr/share/tomcat/bin/catalina.sh. Navigate to and locate the start block : "elif [ "$1" = "start" ] ; then" Navigate to and locate both "eval" statements : "org.apache.catalina.startup.Bootstrap "$@" start \" Add this statement immediately below both of the "eval" statements : '>> "$CATALINA_OUT" 2>&1 "&"' |