Security Token Service log data and records must be backed up onto a different system or media.

An XCCDF Rule

Description

<VulnDiscussion>Protection of Security Token Service log data includes ensuring log data is not accidentally lost or deleted. Backing up Security Token Service log records to an unrelated system or onto separate media than the system the web server is running on helps to ensure that, in the event of a catastrophic system failure, the log records will be retained. Satisfies: SRG-APP-000125-WSR-000071, SRG-APP-000358-WSR-000163</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-256775r889295_rule
Severity: Medium
References: CCI-001348 CCI-001851
Updated: 8 months ago

Navigate to and open: 
 
/etc/vmware-syslog/vmware-services-sso-services.conf 
 
Create the file if it does not exist. 
 Set the contents of the file as follows: 
 
#vmidentity logs 
input(type="imfile" 
      File="/var/log/vmware/sso/activedirectoryservice.log" 
      Tag="activedirectoryservice" 
      PersistStateInterval="200" 
      Severity="info" 
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z" 
      Facility="local0") 
input(type="imfile" 
      File="/var/log/vmware/sso/lookupsvc-init.log" 
      Tag="ssolookupsvc-init" 
      PersistStateInterval="200" 
      Severity="info" 
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z" 
      Facility="local0") 
input(type="imfile" 
      File="/var/log/vmware/sso/openidconnect.log" 
      Tag="openidconnect" 
      PersistStateInterval="200" 
      Severity="info" 
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z" 
      Facility="local0") 
input(type="imfile" 
      File="/var/log/vmware/sso/ssoAdminServer.log" 
      Tag="ssoadminserver" 
      PersistStateInterval="200" 
      Severity="info" 
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z" 
      Facility="local0") 
input(type="imfile" 
      File="/var/log/vmware/sso/svcaccountmgmt.log" 
      Tag="svcaccountmgmt" 
      PersistStateInterval="200" 
      Severity="info" 
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z" 
      Facility="local0") 
input(type="imfile" 
      File="/var/log/vmware/sso/tokenservice.log" 
      Tag="tokenservice" 
      PersistStateInterval="200" 
      Severity="info" 
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}Z" 
      Facility="local0") 
#sts health log 
input(type="imfile" 
      File="/var/log/vmware/sso/sts-health-status.log.*" 
      Tag="sts-health-status" 
      PersistStateInterval="200" 
      Severity="info" 
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2} [[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2},[[:digit:]]{0,4}" 
      Facility="local0") 
#sts runtime log 
input(type="imfile" 
      File="/var/log/vmware/sso/sts-runtime.log.*" 
      Tag="sts-runtime" 
      PersistStateInterval="200" 
      Severity="info" 
      Facility="local0") 
#gclogFile.0.current log 
input(type="imfile" 
      File="/var/log/vmware/sso/gclogFile.*.current" 
      Tag="gclog" 
      PersistStateInterval="200" 
      Severity="info" 
      startmsg.regex="^[[:digit:]]{4}-[[:digit:]]{1,2}-[[:digit:]]{1,2}T[[:digit:]]{1,2}:[[:digit:]]{1,2}:[[:digit:]]{1,2}.[[:digit:]]{0,3}+[[:digit:]]{0,4}" 
      Facility="local0") 
#tomcat log 
input(type="imfile" 
      File="/var/log/vmware/sso/tomcat/localhost_access.log" 
      Tag="sso-tomcat" 
      PersistStateInterval="200" 
      Severity="info" 
      Facility="local0") 
#vmdir log 
input(type="imfile" 
      File="/var/log/vmware/vmdir/*.log" 
      Tag="vmdir" 
      PersistStateInterval="200" 
      Severity="info" 
      Facility="local0") 
#vmafd log 
input(type="imfile" 
      File="/var/log/vmware/vmafd/*.log" 
      Tag="vmafd" 
      PersistStateInterval="200" 
      Severity="info" 
      Facility="local0")

Security Token Service log data and records must be backed up onto a different system or media.

Description

Remediation - Manual Procedure