Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-241604 | VROM-TC-000180 | SV-241604r879564_rule | Medium |
Description |
---|
After a security incident has occurred, investigators will often review log files to determine when events occurred. Understanding the precise sequence of events is critical for investigation of a suspicious event. As a Tomcat derivative, tc Server can be configured with an “AccessLogValve”. A Valve element represents a component that can be inserted into the request processing pipeline. The pattern attribute of the “AccessLogValve” controls which data gets logged. The “%t” parameter specifies that the system time should be recorded. |
STIG | Date |
---|---|
VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide | 2023-09-12 |
Check Text ( C-44880r683672_chk ) |
---|
At the command prompt, execute the following command: tail /storage/log/vcops/log/suite-api/localhost_access_log.YYYY-MM-dd.txt Note: Substitute the actual date in the file name. If the time and date of events are not being recorded, this is a finding. |
Fix Text (F-44839r683673_fix) |
---|
Navigate to and open /usr/lib/vmware-vcops/tomcat-enterprise/conf/server.xml. Navigate to and locate Configure the Note: The AccessLogValve should be configured as follows: pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log." suffix=".txt"/> |