tc Server API must record user access in a format that enables monitoring of remote access.

From VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

Part of SRG-APP-000016-WSR-000005

Associated with: CCI-000067

SV-99465r1_rule tc Server API must record user access in a format that enables monitoring of remote access.

Vulnerability discussion

Remote access can be exploited by an attacker to compromise the server. By recording all remote access activities, it will be possible to determine the attacker's location, intent, and degree of success.As a Tomcat derivative, tc Server can be configured with an “AccessLogValve”. A Valve element represents a component that can be inserted into the request processing pipeline. The Access Log Valve creates log files in the same format as those created by standard web servers.

Check content

Navigate to and open /usr/lib/vmware-vcops/tomcat-enterprise/conf/server.xml. Navigate to the node. Verify that the node contains a node. If an “AccessLogValve” is not configured correctly or is missing, this is a finding. Note: The “AccessLogValve” should be configured as follows:

Fix text

Navigate to and open /usr/lib/vmware-vcops/tomcat-enterprise/conf/server.xml. Navigate to and locate . Configure the node with the below. Note: The “AccessLogValve” should be configured as follows:

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer