STIGQter STIGQter: STIG Summary: VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

HAProxy must be configured to use syslog.

DISA Rule

SV-99839r1_rule

Vulnerability Number

V-89189

Group Title

SRG-APP-000357-WSR-000150

Rule Version

VRAU-HA-000360

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Navigate to and open /etc/rsyslog.d/vcac.conf.

Configure the local0 syslog facility to write to an appropriate log file.

Navigate to and open /etc/haproxy/haproxy.cfg.

Configure the "globals" section with the following:

log 127.0.0.1 local0

Configure the "defaults" section with both of the following:

log global
option httplog

Navigate to and open the following files:

/etc/haproxy/conf.d/30-vro-config.cfg
/etc/haproxy/conf.d/20-vcac.cfg

Navigate to each frontend section.

Remove any log options from each frontend.

Check Contents

Navigate to and open /etc/haproxy/haproxy.cfg

Navigate to the "globals" section.

Verify that the "globals" section contains the "log" keyword, and that the "log" option contains the local0 syslog facility as its parameter.

If properly configured, the "globals" section will contain the following:

global
log 127.0.0.1 local0

If the local0 syslog facility is not configured, this is a finding.

Navigate to the "defaults" section.

Verify that the "defaults" section contains the "log" keyword with the global value.

Verify that an option keyword has been configured with the "httplog" value.

If properly configured, the "defaults" section will contain the following:

defaults
log global
option httplog

Navigate to and open the following files:

/etc/haproxy/conf.d/30-vro-config.cfg
/etc/haproxy/conf.d/20-vcac.cfg

Navigate to the each frontend section.

Verify that the "log" keyword has not been set for each frontend.

If the "log" keyword is present in a frontend, this is a finding.

Navigate to and open /etc/rsyslog.d/vcac.conf.

Review the configured syslog facilities and determine the location of the log file for the local0 syslog facility.

If the local0 syslog facility does not refer to a valid log file, this is a finding.

Navigate to and open the local0 syslog log file.

Verify that HAProxy is logging start and stop events to the log file.

If the log file is not recording HAProxy start and stop events, this is a finding.

Vulnerability Number

V-89189

Documentable

False

Rule Version

VRAU-HA-000360

Severity Override Guidance

Navigate to and open /etc/haproxy/haproxy.cfg

Navigate to the "globals" section.

Verify that the "globals" section contains the "log" keyword, and that the "log" option contains the local0 syslog facility as its parameter.

If properly configured, the "globals" section will contain the following:

global
log 127.0.0.1 local0

If the local0 syslog facility is not configured, this is a finding.

Navigate to the "defaults" section.

Verify that the "defaults" section contains the "log" keyword with the global value.

Verify that an option keyword has been configured with the "httplog" value.

If properly configured, the "defaults" section will contain the following:

defaults
log global
option httplog

Navigate to and open the following files:

/etc/haproxy/conf.d/30-vro-config.cfg
/etc/haproxy/conf.d/20-vcac.cfg

Navigate to the each frontend section.

Verify that the "log" keyword has not been set for each frontend.

If the "log" keyword is present in a frontend, this is a finding.

Navigate to and open /etc/rsyslog.d/vcac.conf.

Review the configured syslog facilities and determine the location of the log file for the local0 syslog facility.

If the local0 syslog facility does not refer to a valid log file, this is a finding.

Navigate to and open the local0 syslog log file.

Verify that HAProxy is logging start and stop events to the log file.

If the log file is not recording HAProxy start and stop events, this is a finding.

Check Content Reference

M

Target Key

3455

Comments