SSMC web server must initiate session logging upon start up.
An XCCDF Rule
Description
An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missed and not available during a forensic investigation. To assure all loggable events are captured, the web server must begin logging once the first web server process is initiated.
- ID
- SV-255268r960888_rule
- Version
- SSMC-WS-030040
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure SSMC to generate log records for system startup and shutdown, system access, and system authentication events. To do so, enable auditd facility (session_log):
1. Log on to SSMC appliance as ssmcadmin. Press "X" to escape to general bash shell from the TUI menu.
2. Execute the following command to enable session logging:
$ sudo /ssmc/bin/config_security.sh -o session_log -a enable