tc Server VCAC must record user access in a format that enables monitoring of remote access.

From VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide

Associated with: CCI-000067

SV-100565r1_rule tc Server VCAC must record user access in a format that enables monitoring of remote access.

Vulnerability discussion

Remote access can be exploited by an attacker to compromise the server. By recording all remote access activities, it will be possible to determine the attacker's location, intent, and degree of success.As a Tomcat derivative, tc Server can be configured with an AccessLogValve. A Valve element represents a component that can be inserted into the request processing pipeline. The Access Log Valve creates log files in the same format as those created by standard web servers.

Check content

Navigate to and open /etc/vcac/server.xml. Navigate to the node. Verify that the node contains a node. If an "AccessLogValve" is not configured correctly or is missing, this is a finding. Note: The AccessLogValve should be configured as follows:

Fix text

Navigate to and open /etc/vcac/server.xml. Navigate to and locate . Configure the node with the below. Note: The AccessLogValve should be configured as follows:

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.