VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - vmidentity

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The Security Token Service produces a number of logs that must be offloaded from the originating system. This information can then be used for diagnostic, forensics, or other purposes relevant to ensuring the availability and integrity of the hosted application.

Satisfies: SRG-APP-000358-WSR-000163, SRG-APP-000125-WSR-000071

Solution

Navigate to and open /etc/vmware-syslog/stig-services-sso.conf.

Create the file if it does not exist.

Set the contents of the file as follows:

input(type='imfile'
File='/var/log/vmware/sso/*.log'
Tag='vmidentity'
PersistStateInterval='200'
Severity='info'
Facility='local0')
input(type='imfile'
File='/var/log/vmware/sso/sts-runtime.log.*'
Tag='sts-runtime'
PersistStateInterval='200'
Severity='info'
Facility='local0')

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

Item Details

References: CAT|II, CCI|CCI-001348, CCI|CCI-001851, Rule-ID|SV-239678r679106_rule, STIG-ID|VCST-67-000027, Vuln-ID|V-239678

Plugin: Unix

Control ID: 2a6a1c6ae16e32090f3ce1bcc32d9f005c50efe7ba1c79e32b3f7fac6892650e