Check: PHTN-30-000013
VMware vSphere 7.0 vCenter Appliance Photon OS STIG:
PHTN-30-000013
(in versions v1 r3 through v1 r1)
Title
The Photon operating system must have the auditd service running. (Cat II impact)
Discussion
Event outcomes can include indicators of event success or failure and event-specific results (e.g., the security state of the information system after the event occurred). They also provide a means to measure the impact of an event and help authorized personnel to determine the appropriate response. Satisfies: SRG-OS-000042-GPOS-00021, SRG-OS-000062-GPOS-00031, SRG-OS-000255-GPOS-00096, SRG-OS-000363-GPOS-00150, SRG-OS-000365-GPOS-00152, SRG-OS-000445-GPOS-00199, SRG-OS-000446-GPOS-00200, SRG-OS-000461-GPOS-00205, SRG-OS-000467-GPOS-00211, SRG-OS-000465-GPOS-00209, SRG-OS-000474-GPOS-00219, SRG-OS-000475-GPOS-00220
Check Content
At the command line, run the following command: # systemctl status auditd If the service is not running, this is a finding.
Fix Text
At the command line, run the following commands: # systemctl enable auditd # systemctl start auditd
Additional Identifiers
Rule ID: SV-256490r887144_rule
Vulnerability ID: V-256490
Group Title: SRG-OS-000042-GPOS-00021
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000135 |
The information system generates audit records containing the organization-defined additional, more detailed information that is to be included in the audit records. |
CCI-000169 |
The information system provides audit record generation capability for the auditable events defined in AU-2 a. at organization-defined information system components. |
CCI-000172 |
The information system generates audit records for the events defined in AU-2 d. with the content defined in AU-3. |
CCI-001487 |
The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event. |
CCI-001744 |
The information system implements organization-defined security responses automatically if baseline configurations are changed in an unauthorized manner. |
CCI-001814 |
The Information system supports auditing of the enforcement actions. |
CCI-002696 |
The information system verifies correct operation of organization-defined security functions. |
CCI-002699 |
The information system performs verification of the correct operation of organization-defined security functions: when the system is in an organization-defined transitional state; upon command by a user with appropriate privileges; and/or on an organization-defined frequency. |
Controls
Number | Title |
---|---|
AU-3 |
Content Of Audit Records |
AU-3 (1) |
Additional Audit Information |
AU-12 |
Audit Generation |
CM-3 (5) |
Automated Security Response |
CM-5 (1) |
Automated Access Enforcement / Auditing |
SI-6 |
Security Function Verification |