STIGQter: STIG Summary: VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018: STIGQter: STIG Summary: VMW vRealize Automation 7.x HA Proxy Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:SV-99841r1_rule
V-89191
SRG-APP-000358-WSR-000063
VRAU-HA-000365
CAT II
10
Navigate to and open /etc/rsyslog.d/vcac.conf.
Configure the local0 syslog facility to write to an appropriate log file.
Navigate to and open /etc/haproxy/haproxy.cfg. Configure the globals section with the following:
log 127.0.0.1 local0
Configure the defaults section with both of the following:
log global
option httplog
Navigate to and open /etc/haproxy/haproxy.cfg
Navigate to the "globals" section.
Verify that the "globals" section contains the "log" keyword, and that the "log" option contains the local0 syslog facility as its parameter.
If properly configured, the "globals" section will contain the following:
global
log 127.0.0.1 local0
If the local0 syslog facility is not configured, this is a finding.
Navigate to the "defaults" section.
Verify that the "defaults" section contains the "log" keyword with the global value.
Verify that an option keyword has been configured with the "httplog" value.
If properly configured, the "defaults" section will contain the following:
defaults
log global
option httplog
Navigate to and open the following files:
/etc/haproxy/conf.d/30-vro-config.cfg
/etc/haproxy/conf.d/20-vcac.cfg
Navigate to the each frontend section.
Verify that the "log" keyword has not been set for each frontend.
If the "log" keyword is present in a frontend, this is a finding.
Navigate to and open /etc/rsyslog.d/vcac.conf.
Review the configured syslog facilities and determine the location of the log file for the local0 syslog facility.
If the local0 syslog facility does not refer to a valid log file, this is a finding.
Navigate to and open the local0 syslog log file.
Verify that HAProxy is logging start and stop events to the log file.
If the log file is not recording HAProxy start and stop events, this is a finding.
V-89191
False
VRAU-HA-000365
Navigate to and open /etc/haproxy/haproxy.cfg
Navigate to the "globals" section.
Verify that the "globals" section contains the "log" keyword, and that the "log" option contains the local0 syslog facility as its parameter.
If properly configured, the "globals" section will contain the following:
global
log 127.0.0.1 local0
If the local0 syslog facility is not configured, this is a finding.
Navigate to the "defaults" section.
Verify that the "defaults" section contains the "log" keyword with the global value.
Verify that an option keyword has been configured with the "httplog" value.
If properly configured, the "defaults" section will contain the following:
defaults
log global
option httplog
Navigate to and open the following files:
/etc/haproxy/conf.d/30-vro-config.cfg
/etc/haproxy/conf.d/20-vcac.cfg
Navigate to the each frontend section.
Verify that the "log" keyword has not been set for each frontend.
If the "log" keyword is present in a frontend, this is a finding.
Navigate to and open /etc/rsyslog.d/vcac.conf.
Review the configured syslog facilities and determine the location of the log file for the local0 syslog facility.
If the local0 syslog facility does not refer to a valid log file, this is a finding.
Navigate to and open the local0 syslog log file.
Verify that HAProxy is logging start and stop events to the log file.
If the log file is not recording HAProxy start and stop events, this is a finding.
M
3455