Skip to content

SSMC web server must initiate session logging upon start up.

An XCCDF Rule

Description

<VulnDiscussion>An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missed and not available during a forensic investigation. To assure all loggable events are captured, the web server must begin logging once the first web server process is initiated.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-255268r879562_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure SSMC to generate log records for system startup and shutdown, system access, and system authentication events. To do so, enable auditd facility (session_log):

1. Log on to SSMC appliance as ssmcadmin. Press "X" to escape to general bash shell from the TUI menu.

2. Execute the following command to enable session logging: