← Back to VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

V-241707

CAT II (Medium)

tc Server UI must record time stamps for log records to a minimum granularity of one second.

Rule ID

SV-241707r879748_rule

STIG

VMware vRealize Operations Manager 6.x tc Server Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-001889

Discussion

Without sufficient granularity of time stamps, it is not possible to adequately determine the chronological order of records. Time stamps generated by the web server include date and time and must be to a granularity of one second. Like all web servers, tc Server logs can be configured to produce a Common Log Format (CLF). The tc Server component known as an “AccessLogValve”, which represents a component that can be inserted into the request processing pipeline to capture user interaction. The “Access Log Valve” should be configured to ensure that investigators have sufficient information to conduct an appropriate audit.

Check Content

At the command prompt, execute the following command:

tail /storage/log/vcops/log/product-ui/localhost_access_log.YYYY-MM-dd.txt

If the timestamp does not contain a minimum granularity of one second, this is a finding.

Note: Substitute the actual date in the file name.

Note: In Common Log Format, a timestamp will look like [06/Feb/2016:23:12:57 +0000]. The “57” part is the “seconds” part of the timestamp.

Fix Text

Navigate to and open /usr/lib/vmware-vcops/tomcat-web-app/conf/server.xml.

Navigate to the <Valve className="org.apache.catalina.valves.AccessLogValve"> node.

Set the “pattern” setting with "%h %l %u %t "%r" %s %b"

Note: The <Valve> node should be configured per the below:

                <Valve className="org.apache.catalina.valves.AccessLogValve"
                       directory="logs"
                       pattern="%h %l %u %t "%r" %s %b"
                       prefix="localhost_access_log."
                       suffix=".txt"/>