The rhttpproxy must have logging enabled. (Cat II impact)
After a security incident has occurred, investigators will often review log files to determine what happened. The rhttpproxy must create logs upon service startup to capture information relevant to investigations.
At the command prompt, execute the following command: # xmllint --xpath '/config/log/outputToFiles' /etc/vmware-rhttpproxy/config.xml Expected result: <outputToFiles>true</outputToFiles> If the output does not match the expected result, this is a finding.
Navigate to and open /etc/vmware-rhttpproxy/config.xml. Locate the <config>/<log> block and configure <outputToFiles> as follows: <outputToFiles>true</outputToFiles> Restart the service for changes to take effect. # vmon-cli --restart rhttpproxy
The information system initiates session audits at system start-up.