Check: VCLD-67-000006
VMware vSphere 6.7 VAMI-lighttpd STIG: VCLD-67-000006 (in versions v1 r3 through v1 r2)
Title
VAMI must produce log records containing sufficient information to establish what type of events occurred. (Cat II impact)
Discussion
After a security incident has occurred, investigators will often review log files to determine what happened. Understanding what type of event occurred is critical for investigation of a suspicious event.

Satisfies: SRG-APP-000095-WSR-000056, SRG-APP-000096-WSR-000057, SRG-APP-000097-WSR-000058, SRG-APP-000098-WSR-000059, SRG-APP-000099-WSR-000061, SRG-APP-000100-WSR-000064, SRG-APP-000374-WSR-000172, SRG-APP-000375-WSR-000171
Check Content
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash".

At the command prompt, execute the following command:

# grep "^accesslog.format" /opt/vmware/etc/lighttpd/lighttpd.conf

The default, commented accesslog format is acceptable for this requirement. No output should be returned.

If the command returns any output, this is a finding.
Fix Text
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf. Comment any existing accesslog.format lines by adding a "#" at the beginning of the line.
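
The check and fix above as a POSIX shell script (an added example, not part of the STIG or of VMware tooling). The function names are hypothetical and the sample configuration is constructed; the check goes beyond the STIG's literal grep by also flagging indented accesslog.format lines, which lighttpd still treats as active but the anchored "^accesslog.format" pattern does not return.

```shell
#!/bin/sh
# Added example (not from the STIG): audit and fix VCLD-67-000006.
CONF_DEFAULT=/opt/vmware/etc/lighttpd/lighttpd.conf   # path from the check text

# Prints active accesslog.format lines (with line numbers).
# Returns 0 = not a finding, 1 = finding, 2 = file unreadable.
# Unlike the STIG's literal grep, indented lines are matched as well.
check_accesslog_format() {
    conf=${1:-$CONF_DEFAULT}
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    if grep -n '^[[:space:]]*accesslog\.format' "$conf"; then
        return 1
    fi
    return 0
}

# Applies the Fix Text: prefix each active line with "#", keeping a .bak copy.
# Returns the result of re-running the check on the edited file.
remediate_accesslog_format() {
    conf=${1:-$CONF_DEFAULT}
    rc=0
    check_accesslog_format "$conf" >/dev/null || rc=$?
    [ "$rc" -eq 1 ] || return "$rc"          # nothing to do, or unreadable
    cp -p "$conf" "$conf.bak" || return 2
    sed 's/^[[:space:]]*accesslog\.format/#&/' "$conf.bak" > "$conf" || return 2
    check_accesslog_format "$conf" >/dev/null
}

# Constructed sample configuration (not taken from a real appliance).
sample=$(mktemp)
cat > "$sample" <<'EOF'
server.modules = ( "mod_access", "mod_accesslog" )
#accesslog.format = "%h %l %u %t \"%r\" %b %>s"
accesslog.filename = "/tmp/access.log"
accesslog.format = "%h %>s"
    accesslog.format = "%r"
EOF

check_accesslog_format "$sample" || echo "finding before remediation"
remediate_accesslog_format "$sample" && echo "compliant after remediation"
rm -f "$sample" "$sample.bak"
```

Called without an argument, both functions operate on the path given in the check text.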
Additional Identifiers
Rule ID: SV-239720r879563_rule
Vulnerability ID: V-239720
Group Title: SRG-APP-000095-WSR-000056
CCIs
Number | Definition |
---|---|
CCI-000130 | The information system generates audit records containing information that establishes what type of event occurred. |
CCI-000131 | The information system generates audit records containing information that establishes when an event occurred. |
CCI-000132 | The information system generates audit records containing information that establishes where the event occurred. |
CCI-000133 | The information system generates audit records containing information that establishes the source of the event. |
CCI-000134 | The information system generates audit records containing information that establishes the outcome of the event. |
CCI-001487 | The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event. |
CCI-001889 | The information system records time stamps for audit records that meet organization-defined granularity of time measurement. |
CCI-001890 | The information system records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT). |