STIGQter: STIG Summary: VMware vSphere 6.7 STS Tomcat Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The Security Token Service must generate log records during Java startup and shutdown.

DISA Rule

SV-239657r679043_rule

Vulnerability Number

V-239657

Group Title

SRG-APP-000089-WSR-000047

Rule Version

VCST-67-000006

Severity

CAT II

CCI(s)

• CCI-000169 - The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components.

Weight

10

Fix Recommendation

Navigate to and open /usr/lib/vmware-sso/vmware-sts/conf/logging.properties.

Ensure that the "handlers" and ".handlers" lines are configured as follows:

handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler

.handlers = 1catalina.org.apache.juli.FileHandler

Ensure that the following lines are present:

1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1

Check Contents

At the command prompt, execute the following command:

# grep "1catalina.org.apache.juli.FileHandler" /usr/lib/vmware-sso/vmware-sts/conf/logging.properties

Expected result:

handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1

If the output does not match the expected result, this is a finding.

Vulnerability Number

V-239657

Documentable

False

Rule Version

VCST-67-000006

Severity Override Guidance

At the command prompt, execute the following command:

# grep "1catalina.org.apache.juli.FileHandler" /usr/lib/vmware-sso/vmware-sts/conf/logging.properties

Expected result:

handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1

If the output does not match the expected result, this is a finding.

Check Content Reference

M

Target Key

5333

Comments