Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-89049 | VROM-TC-000815 | SV-99699r1_rule | Medium |
Description |
---|
Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the web server include date and time and must be to a granularity of one second. Like all web servers, tc Server logs can be configured to produce a Common Log Format (CLF). The tc Server component known as an “AccessLogValve”, which represents a component that can be inserted into the request processing pipeline to capture user interaction. The “Access Log Valve” should be configured to ensure that investigators have sufficient information to conduct an appropriate audit. |
STIG | Date |
---|---|
VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide | 2018-10-12 |
Check Text ( C-88741r1_chk ) |
---|
At the command prompt, execute the following command: tail /storage/log/vcops/log/product-ui/localhost_access_log.YYYY-MM-dd.txt If the timestamp does not contain a minimum granularity of one second, this is a finding. Note: Substitute the actual date in the file name. Note: In Common Log Format, a timestamp will look like [06/Feb/2016:23:12:57 +0000]. The “57” part is the “seconds” part of the timestamp. |
Fix Text (F-95791r1_fix) |
---|
Navigate to and open /usr/lib/vmware-vcops/tomcat-web-app/conf/server.xml. Navigate to the Set the “pattern” setting with "%h %l %u %t "%r" %s %b" Note: The pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log." suffix=".txt"/> |