The Security Token Service must generate log records during Java startup and shutdown.

An XCCDF Rule

Description

Logging must be started as soon as possible when a service starts and as late as possible when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged. Satisfies: SRG-APP-000089-WSR-000047, SRG-APP-000092-WSR-000055

ID: SV-256750r918974_rule
Version: VCST-70-000006
Severity: Medium
References: CCI-000169 CCI-001464
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/usr/lib/vmware-sso/vmware-sts/conf/logging.properties

Ensure that the "handlers" and ".handlers" lines are configured as follows:
handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler
.handlers = 1catalina.org.apache.juli.FileHandler
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs/tomcat
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1
1catalina.org.apache.juli.FileHandler.formatter = java.util.logging.SimpleFormatter
1catalina.org.apache.juli.FileHandler.maxDays = 10
org.apache.catalina.startup.Catalina.handlers = 1catalina.org.apache.juli.FileHandler

Restart the service with the following command:

# vmon-cli --restart sts

The Security Token Service must generate log records during Java startup and shutdown.

Description

Remediation Templates

A Manual Procedure