Check: VCLD-67-000011
VMware vSphere 6.7 VAMI-lighttpd STIG:
VCLD-67-000011
(in versions v1 r3 through v1 r2)
Title
VAMI log files must only be accessible by privileged users. (Cat II impact)
Discussion
Log data is essential in the investigation of events. If log data were to become compromised, competent forensic analysis and discovery of the true source of potentially malicious system activity would be difficult, if not impossible, to achieve. In addition, access to log records provides information an attacker could potentially use to their advantage since each event record might contain communication ports, protocols, services, trust relationships, user names, etc. Satisfies: SRG-APP-000118-WSR-000068, SRG-APP-000119-WSR-000069, SRG-APP-000120-WSR-000070
Check Content
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash". At the command prompt, execute the following command: # stat -c "%n has %a permissions and is owned by %U:%G" /opt/vmware/var/log/lighttpd/*.log Expected result: /opt/vmware/var/log/lighttpd/access.log has 640 permissions and is owned by root:root /opt/vmware/var/log/lighttpd/error.log has 640 permissions and is owned by root:root If the output does not match the expected result, this is a finding.
Fix Text
At the command prompt, enter the following command: # chown root:root /opt/vmware/var/log/lighttpd/*.log # chmod 640 /opt/vmware/var/log/lighttpd/*.log
Additional Identifiers
Rule ID: SV-239721r879576_rule
Vulnerability ID: V-239721
Group Title: SRG-APP-000118-WSR-000068
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000162 |
The information system protects audit information from unauthorized access. |
CCI-000163 |
The information system protects audit information from unauthorized modification. |
CCI-000164 |
The information system protects audit information from unauthorized deletion. |
Controls
Number | Title |
---|---|
AU-9 |
Protection Of Audit Information |