Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-256775 | VCST-70-000050 | SV-256775r889295_rule | | Medium |
Description |
---|
Protection of Security Token Service log data includes ensuring log data is not accidentally lost or deleted. Backing up Security Token Service log records to an unrelated system, or onto media separate from the system the web server is running on, helps to ensure that the log records will be retained in the event of a catastrophic system failure. Satisfies: SRG-APP-000125-WSR-000071, SRG-APP-000358-WSR-000163 |
STIG | Date |
---|---|
VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide | 2023-02-21 |
Check Text ( C-60450r889293_chk ) |
---|
At the command prompt, run the following command: |

```
# rpm -V VMware-visl-integration|grep vmware-services-sso-services.conf|grep "^..5......"
```

If the command returns any output, this is a finding.
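
The grep in this check keys on the third character of the `rpm -V` attribute string, which is `5` when a file's digest differs from the packaged copy. The shell function below is an added example, not part of the STIG or of VMware's tooling: it applies the same test to constructed sample lines and also reports a `missing` line, which the grep pattern above does not match. The function name `check_sts_syslog_conf` and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify `rpm -V VMware-visl-integration` output for the
# STS rsyslog config. Column 3 of the rpm -V flag string is "5" when the
# file digest differs from the packaged copy.
CONF="vmware-services-sso-services.conf"

# Reads rpm -V lines on stdin, prints a verdict, returns 1 on a finding.
# (Hypothetical helper name, not a VMware or DISA tool.)
check_sts_syslog_conf() {
    verdict="not a finding"
    while IFS= read -r line; do
        case "$line" in
            *"$CONF"*) ;;            # only the STS config is in scope
            *) continue ;;
        esac
        case "$line" in
            missing*)   verdict="finding: file missing" ;;
            ??5??????*) verdict="finding: digest differs from package" ;;
        esac
    done
    printf '%s\n' "$verdict"
    [ "$verdict" = "not a finding" ]
}

# Constructed sample lines (not captured from a real appliance).
SAMPLE_MODIFIED='S.5....T.  c /etc/vmware-syslog/vmware-services-sso-services.conf'
SAMPLE_MTIME_ONLY='.......T.  c /etc/vmware-syslog/vmware-services-sso-services.conf'
SAMPLE_MISSING='missing   c /etc/vmware-syslog/vmware-services-sso-services.conf'
SAMPLE_OTHER_FILE='S.5....T.  c /etc/vmware-syslog/placeholder-other.conf'

for s in "$SAMPLE_MODIFIED" "$SAMPLE_MTIME_ONLY" "$SAMPLE_MISSING" "$SAMPLE_OTHER_FILE"; do
    printf '%s\n' "$s" | check_sts_syslog_conf || true
done
```

On an appliance the function can be fed live output with `rpm -V VMware-visl-integration | check_sts_syslog_conf`.
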
Fix Text (F-60393r889294_fix) |
---|
Navigate to and open: /etc/vmware-syslog/vmware-services-sso-services.conf Create the file if it does not exist. Set the contents of the file as follows: |

```
#vmidentity logs
input(type="imfile"
      File="/var/log/vmware/sso/activedirectoryservice.log"
      Tag="activedirectoryservice"
      PersistStateInterval="200"
      Severity="info"
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
      Facility="local0")
input(type="imfile"
      File="/var/log/vmware/sso/lookupsvc-init.log"
      Tag="ssolookupsvc-init"
      PersistStateInterval="200"
      Severity="info"
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
      Facility="local0")
input(type="imfile"
      File="/var/log/vmware/sso/openidconnect.log"
      Tag="openidconnect"
      PersistStateInterval="200"
      Severity="info"
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
      Facility="local0")
input(type="imfile"
      File="/var/log/vmware/sso/ssoAdminServer.log"
      Tag="ssoadminserver"
      PersistStateInterval="200"
      Severity="info"
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
      Facility="local0")
input(type="imfile"
      File="/var/log/vmware/sso/svcaccountmgmt.log"
      Tag="svcaccountmgmt"
      PersistStateInterval="200"
      Severity="info"
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
      Facility="local0")
input(type="imfile"
      File="/var/log/vmware/sso/tokenservice.log"
      Tag="tokenservice"
      PersistStateInterval="200"
      Severity="info"
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z"
      Facility="local0")
#sts health log
input(type="imfile"
      File="/var/log/vmware/sso/sts-health-status.log.*"
      Tag="sts-health-status"
      PersistStateInterval="200"
      Severity="info"
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2} [[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2},[[:digit:]]{0,4}"
      Facility="local0")
#sts runtime log
input(type="imfile"
      File="/var/log/vmware/sso/sts-runtime.log.*"
      Tag="sts-runtime"
      PersistStateInterval="200"
      Severity="info"
      Facility="local0")
#gclogFile.0.current log
input(type="imfile"
      File="/var/log/vmware/sso/gclogFile.*.current"
      Tag="gclog"
      PersistStateInterval="200"
      Severity="info"
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}+[[:digit:]]{0,4}"
      Facility="local0")
#tomcat log
input(type="imfile"
      File="/var/log/vmware/sso/tomcat/localhost_access.log"
      Tag="sso-tomcat"
      PersistStateInterval="200"
      Severity="info"
      Facility="local0")
#vmdir log
input(type="imfile"
      File="/var/log/vmware/vmdir/*.log"
      Tag="vmdir"
      PersistStateInterval="200"
      Severity="info"
      Facility="local0")
#vmafd log
input(type="imfile"
      File="/var/log/vmware/vmafd/*.log"
      Tag="vmafd"
      PersistStateInterval="200"
      Severity="info"
      Facility="local0")
```