From VMware vRealize Automation 7.x tc Server Security Technical Implementation Guide
Part of SRG-APP-000092-WSR-000055
Associated with: CCI-001464
An attacker can compromise a web server during the startup process. If logging is not initiated until all the web server processes are started, key information may be missed and not available during a forensic investigation. To assure all logable events are captured, the web server must begin logging once the first web server process is initiated.
At the command prompt, execute the following command: more /usr/share/tomcat/bin/catalina.sh Type /touch "$CATALINA_OUT" Verify that the start command contains the command ">> "$CATALINA_OUT" 2>&1 "&"" If the command is not correct or is missing, this is a finding. Note: Use the "Enter" key to scroll down after typing /touch "$CATALINA_OUT"
Navigate to and open Navigate to and open /usr/share/tomcat/bin/catalina.sh. Navigate to and locate the start block : "elif [ "$1" = "start" ] ; then" Navigate to and locate both "eval" statements : "org.apache.catalina.startup.Bootstrap "$@" start \" Add this statement immediately below both of the "eval" statements : '>> "$CATALINA_OUT" 2>&1 "&"'
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer