The application server must use internal system clocks to generate time stamps for log records.

From Application Server Security Requirements Guide

Part of SRG-APP-000116-AS-000076

Associated with: CCI-000159

SV-46490r3_rule The application server must use internal system clocks to generate time stamps for log records.

Vulnerability discussion

Without the use of an approved and synchronized time source configured on the systems, events cannot be accurately correlated and analyzed to determine what is transpiring within the application server.If an event has been triggered on the network, and the application server is not configured with the correct time, the event may be seen as insignificant, when in reality the events are related and may have a larger impact across the network. Synchronization of system clocks is needed in order to correctly correlate the timing of events that occur across multiple systems. Determining the correct time a particular event occurred on a system, via time stamps, is critical when conducting forensic analysis and investigating system events. Application servers must utilize the internal system clock when generating time stamps and log records.

Check content

Review the application server configuration files to determine if the internal system clock is used for time stamps. If this is not feasible, an alternative workaround is to take an action that generates an entry in the logs and then immediately query the operating system for the current time. A reasonable match between the two times will suffice as evidence that the system is using the internal clock for timestamps. If the application server does not use the internal system clock to generate time stamps, this is a finding.

Fix text

Configure the application server to use internal system clocks to generate time stamps for log records.

Pro Tips

Powered by sagemincer