Details
Logging must be started as soon as possible when a service starts and as late as possible when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged.
Solution
Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/logging.properties.
Ensure that the 'handlers' and '.handlers' lines are configured as follows:
handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler
Ensure that the following lines are present:
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.
References
- 800-53|AU-12a.
- CAT|II
- CCI|CCI-000169
- Rule-ID|SV-239657r679043_rule
- STIG-ID|VCST-67-000006
- Vuln-ID|V-239657
Comments
Please sign in to leave a comment.