VMware vSphere 6.7 ESXi STIG Version Comparison
VMware vSphere 6.7 ESXi Security Technical Implementation Guide
Comparison
There are 5 differences between versions v1 r1 (March 9, 2021) (the "left" version) and v1 r2 (Feb. 8, 2022) (the "right" version).
Check ESXI-67-100004 was removed from the benchmark in the "right" version. The text below reflects the old wording.
This check's original form is available here.
Text Differences
Title
The ESXi host must centrally review and analyze audit records from multiple components within the system by configuring remote logging.
Check Content
From the vSphere Client, select the ESXi host and go to Configuration >> Advanced Settings. Select the "Syslog.global.logHost" value and verify it is set to a site-specific syslog server hostname. or From a PowerCLI command prompt while connected to the ESXi host, run the following command: Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost If the "Syslog.global.logHost" value is not set to a site-specific syslog server, this is a finding.
Discussion
Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host, it can more easily monitor all hosts with a single tool. It can also do aggregate analysis and searching to look for such things as coordinated attacks on multiple hosts. Logging to a secure, centralized log server also helps prevent log tampering and provides a long-term audit record. Satisfies: SRG-OS-000051-VMM-000230, SRG-OS-000058-VMM-000270, SRG-OS-000059-VMM-000280
Fix
From the vSphere Client, select the ESXi host and go to Configuration >> Advanced Settings. Select the "Syslog.global.logHost" value and configure it to a site-specific syslog server. or From a PowerCLI command prompt while connected to the ESXi host, run the following commands: Get-VMHost | Get-AdvancedSetting -Name Syslog.global.logHost | Set-AdvancedSetting -Value "<insert syslog server hostname>"