Rule ID
SV-240853r879748_rule
Version
V2R3
CCIs
Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the web server include date and time and must be to a granularity of one second. Like all web servers, tc Server logs can be configured to produce a Common Log Format (CLF). The tc Server component known as an AccessLogValve, which represents a component that can be inserted into the request processing pipeline to capture user interaction. The Access Log Valve should be configured to ensure that investigators have sufficient information to conduct an appropriate audit.
At the command prompt, execute the following command: tail /storage/log/vmware/vcac/access_log.YYYY-MM-dd.txt If the timestamp does not contain a minimum granularity of one second, this is a finding. Note: Substitute the actual date in the file name. Note: In Common Log Format, a timestamp will look like [06/Feb/2016:23:12:57 +0000]. The "57" part is the "seconds" part of the timestamp.
Navigate to and open /etc/vcac/server.xml.
Navigate to the <Valve className="org.apache.catalina.valves.AccessLogValve"> node.
Set the "pattern" setting with "%h %l %u %t "%r" %s %b".
Note: The <Valve> node should be configured per the following:
<Valve className="org.apache.catalina.valves.AccessLogValve"
checkExists="true"
directory="logs"
pattern="%h %l %u %t "%r" %s %b"
prefix="access_log"
requestAttributesEnabled="true"
rotatable="false"
suffix=".txt"/>