Select any two versions of this STIG to compare the individual requirements
Select any old version/release of this STIG to view the previous requirements
At the command prompt, execute the following command: grep log4j.appender.rollingFile.file /usr/local/horizon/conf/saas-log4j.properties If the "log4j.appender.rollingFile.file" is not set to "/opt/vmware/horizon/workspace/logs/horizon.log" or is commented out or is missing, this is a finding.
Navigate to and open /usr/local/horizon/conf/saas-log4j.properties. Configure the vIDM policy log file with the following lines: log4j.appender.rollingFile=org.apache.log4j.RollingFileAppender log4j.appender.rollingFile.MaxFileSize=50MB log4j.appender.rollingFile.MaxBackupIndex=7 log4j.appender.rollingFile.Encoding=UTF-8 log4j.appender.rollingFile.file=/opt/vmware/horizon/workspace/logs/horizon.log log4j.appender.rollingFile.append=true log4j.appender.rollingFile.layout=org.apache.log4j.PatternLayout log4j.appender.rollingFile.layout.ConversionPattern=%d{ISO8601} %-5p (%t) [%X{orgId};%X{userId};%X{ip}] %c - %m%n
Interview the ISSO. Obtain the correct configuration for the site's Directory services. In a browser, log in with Tenant admin privileges and navigate to the Administration page. Select Directories Management >> Directories. Click on the configured Directory to review the configuration. If the Directory service is not configured correctly, this is a finding.
Interview the ISSO. Obtain the correct configuration for the site's Directory services. In a browser, log in with Tenant admin privileges, and navigate to the Administration page. Select Directories Management >> Directories. Click on the configured Directory to edit the configuration in accordance with the instructions provided by the ISSO.
In a browser, log in with Tenant admin privileges, and navigate to the Administration page. Select Directories Management >> Directories. Click on the configured Directory to review the configuration. If the SSL checkbox is not selected, this is a finding. Note: The checkbox is labeled, "This Directory requires all connections to use SSL".
In a browser, log in with Tenant admin privileges, and navigate to the Administration page. Select Directories Management >> Directories. Click on the configured Directory to review the configuration. Check the checkbox that is labeled, "This Directory requires all connections to use SSL". Click "Save".
Interview the ISSO. Obtain the correct configuration for clustering used by the site. Review the vRealize Automation appliance's installation, environment, and configuration. Determine if vRA clustering has been correctly implemented. If vRA is not correctly implementing clustering, this is a finding.
Interview the ISSO. Obtain the correct configuration for clustering used by the site. Configure vRealize Automation to be in compliance with the clustering design provided by the ISSO.
At the command prompt, execute the following command: grep log4j.appender.rollingFile.file /usr/local/horizon/conf/saas-log4j.properties If the "log4j.appender.rollingFile.file" is not set to "/opt/vmware/horizon/workspace/logs/horizon.log" or is commented out or is missing, this is a finding.
Navigate to and open /usr/local/horizon/conf/saas-log4j.properties. Configure the vIDM policy log file with the following lines: log4j.appender.rollingFile=org.apache.log4j.RollingFileAppender log4j.appender.rollingFile.MaxFileSize=50MB log4j.appender.rollingFile.MaxBackupIndex=7 log4j.appender.rollingFile.Encoding=UTF-8 log4j.appender.rollingFile.file=/opt/vmware/horizon/workspace/logs/horizon.log log4j.appender.rollingFile.append=true log4j.appender.rollingFile.layout=org.apache.log4j.PatternLayout log4j.appender.rollingFile.layout.ConversionPattern=%d{ISO8601} %-5p (%t) [%X{orgId};%X{userId};%X{ip}] %c - %m%n
If vRA is not installed in a MAC I system, this is Not Applicable. Interview the ISSO. Obtain the correct configuration for clustering used by the site. Review the vRealize Automation appliance's installation, environment, and configuration. Determine if vRA clustering has been correctly implemented. If vRA is not correctly implementing clustering, this is a finding.
If vRA is not installed in a MAC I system, this is Not Applicable. Interview the ISSO. Obtain the correct configuration for clustering used by the site. Configure vRealize Automation to be in compliance with the clustering design provided by the ISSO.
Obtain the current vRealize Automation STIGs from the ISSO. Verify that this STIG is the most current STIG available for vRealize Automation. Assess all of the organization's vRA installations to ensure that they are fully compliant with the most current STIG. If the most current version of the vRA STIG was not used, or if the vRA appliance configuration is not compliant with the most current STIG, this is a finding.
Obtain the most current vRealize Automation STIG. Verify that this vRA appliance is configured with all current requirements.
vRealize Automation 7.x vIDM is no longer supported by the vendor. If the system is running vRealize Automation 7.x vIDM, this is a finding.
Upgrade to a supported version.