VCST-67-000006 - The Security Token Service must generate log records during Java startup and shutdown - .handlers


Logging must be started as soon as possible when a service starts and as late as possible when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged.


Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/

Ensure that the 'handlers' and '.handlers' lines are configured as follows:

handlers =,,,, java.util.logging.ConsoleHandler

.handlers =

Ensure that the following lines are present: = FINE = ${catalina.base}/logs = catalina. = -1

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system Unix.