STIGQter STIGQter: STIG Summary: VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

HAProxy must not impede the ability to write specified log record content to an audit log server.

DISA Rule

SV-99841r1_rule

Vulnerability Number

V-89191

Group Title

SRG-APP-000358-WSR-000063

Rule Version

VRAU-HA-000365

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to and open /etc/rsyslog.d/vcac.conf.

Configure the local0 syslog facility to write to an appropriate log file.

Navigate to and open /etc/haproxy/haproxy.cfg. Configure the globals section with the following:

log 127.0.0.1 local0

Configure the defaults section with both of the following:

log global
option httplog

Check Contents

Navigate to and open /etc/haproxy/haproxy.cfg

Navigate to the "globals" section.

Verify that the "globals" section contains the "log" keyword, and that the "log" option contains the local0 syslog facility as its parameter.

If properly configured, the "globals" section will contain the following:

global
log 127.0.0.1 local0

If the local0 syslog facility is not configured, this is a finding.

Navigate to the "defaults" section.

Verify that the "defaults" section contains the "log" keyword with the global value.

Verify that an option keyword has been configured with the "httplog" value.

If properly configured, the "defaults" section will contain the following:

defaults
log global
option httplog

Navigate to and open the following files:

/etc/haproxy/conf.d/30-vro-config.cfg
/etc/haproxy/conf.d/20-vcac.cfg

Navigate to the each frontend section.

Verify that the "log" keyword has not been set for each frontend.

If the "log" keyword is present in a frontend, this is a finding.

Navigate to and open /etc/rsyslog.d/vcac.conf.

Review the configured syslog facilities and determine the location of the log file for the local0 syslog facility.

If the local0 syslog facility does not refer to a valid log file, this is a finding.

Navigate to and open the local0 syslog log file.

Verify that HAProxy is logging start and stop events to the log file.

If the log file is not recording HAProxy start and stop events, this is a finding.

Vulnerability Number

V-89191

Documentable

False

Rule Version

VRAU-HA-000365

Severity Override Guidance

Navigate to and open /etc/haproxy/haproxy.cfg

Navigate to the "globals" section.

Verify that the "globals" section contains the "log" keyword, and that the "log" option contains the local0 syslog facility as its parameter.

If properly configured, the "globals" section will contain the following:

global
log 127.0.0.1 local0

If the local0 syslog facility is not configured, this is a finding.

Navigate to the "defaults" section.

Verify that the "defaults" section contains the "log" keyword with the global value.

Verify that an option keyword has been configured with the "httplog" value.

If properly configured, the "defaults" section will contain the following:

defaults
log global
option httplog

Navigate to and open the following files:

/etc/haproxy/conf.d/30-vro-config.cfg
/etc/haproxy/conf.d/20-vcac.cfg

Navigate to the each frontend section.

Verify that the "log" keyword has not been set for each frontend.

If the "log" keyword is present in a frontend, this is a finding.

Navigate to and open /etc/rsyslog.d/vcac.conf.

Review the configured syslog facilities and determine the location of the log file for the local0 syslog facility.

If the local0 syslog facility does not refer to a valid log file, this is a finding.

Navigate to and open the local0 syslog log file.

Verify that HAProxy is logging start and stop events to the log file.

If the log file is not recording HAProxy start and stop events, this is a finding.

Check Content Reference

M

Target Key

3455

Comments