Check: VCUI-67-000027
VMware vSphere 6.7 UI Tomcat STIG:
VCUI-67-000027
(in versions v1 r3 through v1 r1)
Title
vSphere UI log files must be moved to a permanent repository in accordance with site policy. (Cat II impact)
Discussion
vSphere UI produces a handful of logs that must be offloaded from the originating system. This information can then be used for diagnostic, forensic, or other purposes relevant to ensuring the availability and integrity of the hosted application. Satisfies: SRG-APP-000358-WSR-000163, SRG-APP-000108-WSR-000166, SRG-APP-000125-WSR-000071
Check Content
At the command prompt, execute the following command: # grep -v "^#" /etc/vmware-syslog/stig-services-vsphere-ui.conf Expected result: input(type="imfile" File="/var/log/vmware/vsphere-ui/logs/access/localhost_access*" Tag="ui-access" Severity="info" Facility="local0") input(type="imfile" File="/var/log/vmware/vsphere-ui/logs/vsphere-ui-runtime*" Tag="ui-runtime" Severity="info" Facility="local0") If the file does not exist, this is a finding. If the output of the command does not match the expected result, this is a finding.
Fix Text
Navigate to and open /etc/vmware-syslog/stig-services-vsphere-ui.conf. Create the file if it does not exist. Set the contents of the file as follows: input(type="imfile" File="/var/log/vmware/vsphere-ui/logs/access/localhost_access*" Tag="ui-access" Severity="info" Facility="local0") input(type="imfile" File="/var/log/vmware/vsphere-ui/logs/vsphere-ui-runtime*" Tag="ui-runtime" Severity="info" Facility="local0")
Additional Identifiers
Rule ID: SV-239708r879731_rule
Vulnerability ID: V-239708
Group Title: SRG-APP-000358-WSR-000163
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000139 |
The information system alerts designated organization-defined personnel or roles in the event of an audit processing failure. |
CCI-001348 |
The information system backs up audit records on an organization-defined frequency onto a different system or system component than the system or component being audited. |
CCI-001851 |
The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited. |