Rsyslog must be configured to monitor and ship Security Token Service log files.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-239678 | VCST-67-000027 | SV-239678r816759_rule | Medium |
| Description |
|---|
| The Security Token Service produces a number of logs that must be offloaded from the originating system. This information can then be used for diagnostic, forensics, or other purposes relevant to ensuring the availability and integrity of the hosted application. Satisfies: SRG-APP-000358-WSR-000163, SRG-APP-000125-WSR-000071 |
| STIG | Date |
|---|---|
| VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide | 2022-01-03 |
Details
| Check Text ( C-42911r816757_chk ) |
|---|
| Connect to the PSC, whether external or embedded. At the command prompt, execute the following command: # grep -v "^#" /etc/vmware-syslog/stig-services-sso.conf Expected result: input(type="imfile" File="/var/log/vmware/sso/*.log" Tag="vmidentity" PersistStateInterval="200" Severity="info" Facility="local0") input(type="imfile" File="/var/log/vmware/sso/sts-runtime.log.*" Tag="sts-runtime" PersistStateInterval="200" Severity="info" Facility="local0") If the file does not exist, this is a finding. If the output of the command does not match the expected result, this is a finding. |
| Fix Text (F-42870r816758_fix) |
|---|
| Connect to the PSC, whether external or embedded. Navigate to and open /etc/vmware-syslog/stig-services-sso.conf. Create the file if it does not exist. Set the contents of the file as follows: input(type="imfile" File="/var/log/vmware/sso/*.log" Tag="vmidentity" PersistStateInterval="200" Severity="info" Facility="local0") input(type="imfile" File="/var/log/vmware/sso/sts-runtime.log.*" Tag="sts-runtime" PersistStateInterval="200" Severity="info" Facility="local0") |