VMware vSphere 7.0 vCenter Appliance STS STIG Version Comparison
VMware vSphere 7.0 vCenter Appliance STS Security Technical Implementation Guide
Comparison
There are 3 differences between versions v1 r1 (March 7, 2023) (the "left" version) and v1 r2 (July 26, 2023) (the "right" version).
Check VCST-70-000006 was changed between these two versions. In the rendered comparison, green, underlined text was added and red, struck-out text was removed.
Text Differences
Title
The Security Token Service must generate log records during Java startup and shutdown.
Check Content
At the command prompt, run the following command:

# grep "1catalina.org.apache.juli.FileHandler" /usr/lib/vmware-sso/vmware-sts/conf/logging.properties

Expected result:

handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler
.handlers = 1catalina.org.apache.juli.FileHandler
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs/tomcat
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1
1catalina.org.apache.juli.FileHandler.formatter = java.util.logging.SimpleFormatter
1catalina.org.apache.juli.FileHandler.maxDays = 10
org.apache.catalina.startup.Catalina.handlers = 1catalina.org.apache.juli.FileHandler

The line "1catalina.org.apache.juli.FileHandler.maxDays = 10" is the text that differs between the two versions: it appears in the right (v1 r2) version and not in the left (v1 r1) version. The remaining lines are the same in both.

If the output does not match the expected result, this is a finding.
Discussion
Logging must be started as soon as possible when a service starts and as late as possible when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged.

Satisfies: SRG-APP-000089-WSR-000047, SRG-APP-000092-WSR-000055
Fix
Navigate to and open:

/usr/lib/vmware-sso/vmware-sts/conf/logging.properties

Ensure that the "handlers" and ".handlers" lines are configured as follows:

handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler
.handlers = 1catalina.org.apache.juli.FileHandler
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs/tomcat
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1
1catalina.org.apache.juli.FileHandler.formatter = java.util.logging.SimpleFormatter
1catalina.org.apache.juli.FileHandler.maxDays = 10
org.apache.catalina.startup.Catalina.handlers = 1catalina.org.apache.juli.FileHandler

As in the check content, the "maxDays = 10" line is the text that differs between the versions and belongs to the right (v1 r2) version.

Restart the service with the following command:

# vmon-cli --restart sts
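The grep in the check only shows the matching lines; deciding whether they match the expected result is left to the reviewer. The script below is an added example, not part of the STIG or of VMware's tooling: it reads a logging.properties file, resolves each expected key the way java.util.Properties does (the last definition of a repeated key wins), and reports every key whose value differs from the v1 r2 expected result. The default path is the one named in the check; the two sample files it writes are constructed for demonstration.

```shell
#!/bin/sh
# Added example (not part of the STIG or of VMware's tooling): audit a JULI logging.properties
# against the key/value pairs VCST-70-000006 expects instead of eyeballing the grep output.
# Expected settings, from the check's expected result (v1 r2), one "key = value" per line.
EXPECTED='handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler
.handlers = 1catalina.org.apache.juli.FileHandler
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs/tomcat
1catalina.org.apache.juli.FileHandler.prefix = catalina.
1catalina.org.apache.juli.FileHandler.bufferSize = -1
1catalina.org.apache.juli.FileHandler.formatter = java.util.logging.SimpleFormatter
1catalina.org.apache.juli.FileHandler.maxDays = 10
org.apache.catalina.startup.Catalina.handlers = 1catalina.org.apache.juli.FileHandler'
# Drop comments and blank lines, trim leading space, collapse whitespace around '='.
normalize() {
    sed -e 's/^[[:space:]]*//' -e '/^[#!]/d' -e '/^$/d' -e 's/[[:space:]]*=[[:space:]]*/=/' "$@"
}

# Returns 0 when every expected key carries the expected value, 1 (a finding) otherwise.
# As with java.util.Properties, the last definition of a repeated key is the one that counts.
check_sts_logging() {
    file=${1:-/usr/lib/vmware-sso/vmware-sts/conf/logging.properties}
    status=0
    actual=$(normalize "$file")
    while IFS= read -r want; do
        key=${want%%=*}
        got=$(printf '%s\n' "$actual" |
            awk -v k="$key" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }')
        if [ "$got" != "${want#*=}" ]; then
            printf 'FINDING: %s is "%s", expected "%s"\n' "$key" "$got" "${want#*=}"
            status=1
        fi
    done <<EOF
$(printf '%s\n' "$EXPECTED" | normalize)
EOF
    return $status
}
# Constructed samples: a compliant file, and one that lacks maxDays and overrides level.
write_samples() {
    { echo '# constructed sample logging.properties'; printf '%s\n' "$EXPECTED"; } > "$1"
    { grep -v maxDays "$1"; echo '1catalina.org.apache.juli.FileHandler.level = WARNING'; } > "$2"
}
# Stand-alone run: audit the path given as $1, or the two constructed samples.
if [ $# -gt 0 ]; then check_sts_logging "$1"; else
    d=$(mktemp -d); write_samples "$d/good.properties" "$d/bad.properties"
    check_sts_logging "$d/good.properties" && echo "good.properties: not a finding"
    check_sts_logging "$d/bad.properties" || echo "bad.properties: finding"
    rm -rf "$d"
fi
```

Run it with no arguments to see both samples audited, or pass the appliance's logging.properties path to audit a real file; the exit status is 0 only when nothing is a finding.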