Check: VCLD-67-000005
VMware vSphere 6.7 VAMI-lighttpd STIG:
VCLD-67-000005
(in version v1 r1)
Title
VAMI must generate log records for system startup and shutdown. (Cat II impact)
Discussion
Logging must be started as soon as possible when a service starts and when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged.
Check Content
At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf | grep "server.errorlog"

Expected result:

server.errorlog = "/opt/vmware/var/log/lighttpd/error.log"

If the output does not match the expected result, this is a finding.
Fix Text
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Add or reconfigure the following value:

server.errorlog = "/opt/vmware/var/log/lighttpd/error.log"
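The check above can be scripted so that a missing directive, a different path, or a second conflicting assignment is reported as a finding. This is an added example, not part of the STIG text; the function names and the sample dump are constructed for illustration, and it assumes the `-p` output prints the directive as `server.errorlog = "<path>"`, as the expected result shows.

```shell
#!/bin/sh
# Added example: evaluate check VCLD-67-000005 from the parsed config dump.
VAMI=/opt/vmware/sbin/vami-lighttpd
CONF=/opt/vmware/etc/lighttpd/lighttpd.conf
EXPECTED=/opt/vmware/var/log/lighttpd/error.log

# Constructed sample of "vami-lighttpd -p" output (not captured from a real appliance).
SAMPLE_DUMP='config {
    server.modules  = ("mod_access", "mod_accesslog")
    server.errorlog = "/opt/vmware/var/log/lighttpd/error.log"
}'

# Read a config dump on stdin; print each server.errorlog value, unquoted.
errorlog_values() {
    sed -n 's/^[[:space:]]*server\.errorlog[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p'
}

# Read a config dump on stdin. Return 0 and print "not a finding" only when
# every server.errorlog assignment equals the expected path; otherwise
# print the reason and return 1.
check_errorlog() {
    values=$(errorlog_values)
    if [ -z "$values" ]; then
        echo "finding: server.errorlog is not set"
        return 1
    fi
    rc=0
    while IFS= read -r v; do
        if [ "$v" != "$EXPECTED" ]; then
            echo "finding: server.errorlog = \"$v\""
            rc=1
        fi
    done <<EOF
$values
EOF
    [ "$rc" -eq 0 ] && echo "not a finding"
    return "$rc"
}

# On the appliance, check the live configuration; elsewhere, use the sample.
if [ -x "$VAMI" ]; then
    "$VAMI" -p -f "$CONF" | check_errorlog || true
else
    printf '%s\n' "$SAMPLE_DUMP" | check_errorlog || true
fi
```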
Additional Identifiers
Rule ID: SV-239719r679267_rule
Vulnerability ID: V-239719
Group Title: SRG-APP-000089-WSR-000047
CCIs
Number | Definition |
---|---|
CCI-000169 | The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components. |
Controls
Number | Title |
---|---|
AU-12 | Audit Generation |