VCST-67-000027 - Rsyslog must be configured to monitor and ship Security Token Service log files - vmidentity

Information

The Security Token Service produces a number of logs that must be offloaded from the originating system. This information can then be used for diagnostic, forensics, or other purposes relevant to ensuring the availability and integrity of the hosted application.

Satisfies: SRG-APP-000358-WSR-000163, SRG-APP-000125-WSR-000071

Solution

Connect to the PSC, whether external or embedded.

Navigate to and open /etc/vmware-syslog/stig-services-sso.conf.

Create the file if it does not exist.

Set the contents of the file as follows:

input(type='imfile'
File='/var/log/vmware/sso/*.log'
Tag='vmidentity'
PersistStateInterval='200'
Severity='info'
Facility='local0')
input(type='imfile'
File='/var/log/vmware/sso/sts-runtime.log.*'
Tag='sts-runtime'
PersistStateInterval='200'
Severity='info'
Facility='local0')

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-4(1), 800-53|AU-9(2), CAT|II, CCI|CCI-001348, CCI|CCI-001851, Rule-ID|SV-239678r879731_rule, STIG-ID|VCST-67-000027, Vuln-ID|V-239678

Plugin: Unix

Control ID: f6179b47eac77145118da3334a6988d0d88d64736fe9041263657736e2fc5d02