Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-240848 | VRAU-TC-000760 | SV-240848r879747_rule | Medium |
Description |
---|
If time stamps are not consistently applied and there is no common time reference, it is difficult to perform forensic analysis across multiple devices and log records. Time stamps generated by the web server include date and time. Time is commonly expressed in Coordinated Universal Time (UTC), a modern continuation of Greenwich Mean Time (GMT), or local time with an offset from UTC. Like all web servers, tc Server logs can be configured to produce a Common Log Format (CLF). The tc Server component known as an AccessLogValve, which represents a component that can be inserted into the request processing pipeline to capture user interaction. The Access Log Valve creates log files in the same format as those created by standard web servers including GMT offset. |
STIG | Date |
---|---|
VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide | 2023-10-03 |
Check Text ( C-44081r854853_chk ) |
---|
At the command prompt, execute the following command: tail /storage/log/vmware/horizon/localhost_access_log.YYYY-MM-dd.txt If the timestamp does not contain a time zone mapping, this is a finding. Note: Substitute the actual date in the file name. Note: In Common Log Format, a timestamp will look like [06/Feb/2016:23:12:57 +0000]. The +0000 part is the time zone mapping. |
Fix Text (F-44040r674287_fix) |
---|
Navigate to and open /opt/vmware/horizon/workspace/conf/server.xml. Navigate to the Set the "pattern" setting with "%h %l %u %t "%r" %s %b". Note: The pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log." suffix=".txt"/> |