tc Server VCO must be configured with the RemoteIpValve in order to produce log records containing the client IP information as the source and destination and not the load balancer or proxy IP information with each event.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-240762	VRAU-TC-000210	SV-240762r879566_rule		Medium

Description
tc Server HORIZON logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. Ascertaining the correct source, e.g. source IP, of the events is important during forensic analysis. Correctly determining the source of events will add information to the overall reconstruction of the logable event. By determining the source of the event correctly, analysis of the enterprise can be undertaken to determine if events tied to the source occurred in other areas within the enterprise. tc Server HORIZON must be configured with the RemoteIpValve element in order to record the Client source vice the load balancer or proxy server as the source of every logable event. The RemoteIpValve enables the x-forward-* HTTP properties, which are used by the load balance to provide the client source.

Description

tc Server HORIZON logging capability is critical for accurate forensic analysis. Without sufficient and accurate information, a correct replay of the events cannot be determined. Ascertaining the correct source, e.g. source IP, of the events is important during forensic analysis. Correctly determining the source of events will add information to the overall reconstruction of the logable event. By determining the source of the event correctly, analysis of the enterprise can be undertaken to determine if events tied to the source occurred in other areas within the enterprise. tc Server HORIZON must be configured with the RemoteIpValve element in order to record the Client source vice the load balancer or proxy server as the source of every logable event. The RemoteIpValve enables the x-forward-* HTTP properties, which are used by the load balance to provide the client source.

STIG	Date
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide	2023-10-03

Details

Check Text ( C-43995r674028_chk )
At the command prompt, execute the following command: tail /storage/log/vmware/vco/app-server/localhost_access_log.txt If actual client IP information, not load balancer or proxy server, is not being recorded, this is a finding.

Fix Text (F-43954r674029_fix)
Navigate to and open /etc/vco/app-server/server.xml. Navigate to and locate . Configure the node with the below. Note: The "RemoteIpValve" should be configured as follows: remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" internalProxies=".*" protocolHeader="x-forwarded-proto" />