UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Security Token Service log data and records must be backed up onto a different system or media.


Overview

Finding ID Version Rule ID IA Controls Severity
V-256775 VCST-70-000050 SV-256775r889295_rule Medium
Description
Protection of Security Token Service log data includes ensuring log data is not accidentally lost or deleted. Backing up Security Token Service log records to an unrelated system or onto separate media than the system the web server is running on helps to ensure that, in the event of a catastrophic system failure, the log records will be retained. Satisfies: SRG-APP-000125-WSR-000071, SRG-APP-000358-WSR-000163
STIG Date
VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide 2023-02-21

Details

Check Text ( C-60450r889293_chk )
At the command prompt, run the following command:

# rpm -V VMware-visl-integration|grep vmware-services-sso-services.conf|grep "^..5......"

If the command returns any output, this is a finding.
Fix Text (F-60393r889294_fix)
Navigate to and open:

/etc/vmware-syslog/vmware-services-sso-services.conf

Create the file if it does not exist.

Set the contents of the file as follows:

#vmidentity logs
input(type="imfile"
File="/var/log/vmware/sso/activedirectoryservice.log"
Tag="activedirectoryservice"
PersistStateInterval="200"
Severity="info"
startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/sso/lookupsvc-init.log"
Tag="ssolookupsvc-init"
PersistStateInterval="200"
Severity="info"
startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/sso/openidconnect.log"
Tag="openidconnect"
PersistStateInterval="200"
Severity="info"
startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/sso/ssoAdminServer.log"
Tag="ssoadminserver"
PersistStateInterval="200"
Severity="info"
startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/sso/svcaccountmgmt.log"
Tag="svcaccountmgmt"
PersistStateInterval="200"
Severity="info"
startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
Facility="local0")
input(type="imfile"
File="/var/log/vmware/sso/tokenservice.log"
Tag="tokenservice"
PersistStateInterval="200"
Severity="info"
startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
Facility="local0")
#sts health log
input(type="imfile"
File="/var/log/vmware/sso/sts-health-status.log.*"
Tag="sts-health-status"
PersistStateInterval="200"
Severity="info"
startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2} [[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2},[[:digit:]]{0,4}"
Facility="local0")
#sts runtime log
input(type="imfile"
File="/var/log/vmware/sso/sts-runtime.log.*"
Tag="sts-runtime"
PersistStateInterval="200"
Severity="info"
Facility="local0")
#gclogFile.0.current log
input(type="imfile"
File="/var/log/vmware/sso/gclogFile.*.current"
Tag="gclog"
PersistStateInterval="200"
Severity="info"
startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}+[[:digit:]]{0,4}"
Facility="local0")
#tomcat log
input(type="imfile"
File="/var/log/vmware/sso/tomcat/localhost_access.log"
Tag="sso-tomcat"
PersistStateInterval="200"
Severity="info"
Facility="local0")
#vmdir log
input(type="imfile"
File="/var/log/vmware/vmdir/*.log"
Tag="vmdir"
PersistStateInterval="200"
Severity="info"
Facility="local0")
#vmafd log
input(type="imfile"
File="/var/log/vmware/vmafd/*.log"
Tag="vmafd"
PersistStateInterval="200"
Severity="info"
Facility="local0")