STIGQter STIGQter: STIG Summary: VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018: HAProxy must log the source of events.

DISA Rule

SV-100965r1_rule

Vulnerability Number

V-90315

Group Title

SRG-APP-000098-WSR-000059

Rule Version

VRAU-HA-000065

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to and open /etc/rsyslog.d/vcac.conf.

Configure the local0 syslog facility to write to an appropriate log file.

Navigate to and open /etc/haproxy/haproxy.cfg.

Configure the globals section with the following:

log 127.0.0.1 local0

Configure the defaults section with both of the following:

log global
option httplog

Check Contents

Navigate to and open /etc/haproxy/haproxy.cfg

Navigate to the globals section.

Verify that the globals section contains the log keyword, and that the log option contains the local0 syslog facility as its parameter.

If properly configured, the globals section will contain the following:

global
log 127.0.0.1 local0

If the local0 syslog facility is not configured, this is a finding.

Navigate to the defaults section.

Verify that the defaults section contains the log keyword with the global value.

Verify that an option keyword has been configured with the httplog value.

If properly configured, the globals section will contain the following:

defaults
log global
option httplog

Navigate to and open /etc/rsyslog.d/vcac.conf.

Review the configured syslog facilities and determine the location of the log file for the local0 syslog facility.

If the local0 syslog facility does not refer to a valid log file, this is a finding.

Navigate to and open the local0 syslog log file.

Verify that HAProxy is logging the source of the event to the log file.

If the log file is not recording the source of the event, this is a finding.

Vulnerability Number

V-90315

Documentable

False

Rule Version

VRAU-HA-000065

Severity Override Guidance

Navigate to and open /etc/haproxy/haproxy.cfg

Navigate to the globals section.

Verify that the globals section contains the log keyword, and that the log option contains the local0 syslog facility as its parameter.

If properly configured, the globals section will contain the following:

global
log 127.0.0.1 local0

If the local0 syslog facility is not configured, this is a finding.

Navigate to the defaults section.

Verify that the defaults section contains the log keyword with the global value.

Verify that an option keyword has been configured with the httplog value.

If properly configured, the globals section will contain the following:

defaults
log global
option httplog

Navigate to and open /etc/rsyslog.d/vcac.conf.

Review the configured syslog facilities and determine the location of the log file for the local0 syslog facility.

If the local0 syslog facility does not refer to a valid log file, this is a finding.

Navigate to and open the local0 syslog log file.

Verify that HAProxy is logging the source of the event to the log file.

If the log file is not recording the source of the event, this is a finding.

Check Content Reference

M

Target Key

3455

Comments