tc Server CaSa must produce log records containing sufficient information to establish what type of events occurred.

From VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

Part of SRG-APP-000095-WSR-000056

Associated with: CCI-000130

SV-99485r1_rule tc Server CaSa must produce log records containing sufficient information to establish what type of events occurred.

Vulnerability discussion

After a security incident has occurred, investigators will often review log files to determine what happened. Understanding what type of event occurred is critical for investigation of a suspicious event.Like all servers, tc Server will typically process “GET” and “POST” requests clients. These will help investigators understand what happened.

Check content

At the command prompt, execute the following command: tail /storage/log/vcops/log/casa/localhost_access_log.YYYY-MM-dd.txt Note: Substitute the actual date in the file name. If HTTP "GET" and/or "POST" events are not being recorded, this is a finding.

Fix text

Navigate to and open /usr/lib/vmware-casa/casa-webapp/conf/server.xml. Navigate to and locate . Configure the node with the below. Note: The “AccessLogValve” should be configured as follows:

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer