Skip to content

SSMC web server must use a logging mechanism that is configured to alert the ISSO and SA in the event of a processing failure.

An XCCDF Rule

Description

<VulnDiscussion>Reviewing log data allows an investigator to recreate the path of an attacker and to capture forensic data for later use. Log data is also essential to system administrators in their daily administrative duties on the hosted system or within the hosted applications. If the logging system begins to fail, events will not be recorded. Organizations must define logging failure events, at which time the application or the logging mechanism the application utilizes will provide a warning to the ISSO and SA at a minimum.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-255269r879570_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Configure SSMC  to provide an alert to the ISSO and SA when log processing failures occur by doing the following:

1. Configure rsyslog parameters in /ssmc/conf/security_config.properties like below (use vi editor) -
ssmc.rsyslog.smtp.alert=true
ssmc.rsyslog.smtp.server=<smtp_server_ip>
ssmc.rsyslog.smtp.port=<smtp_port>