Check: GEN004460
VMware ESX 3 Server:
GEN004460
(in version v1 r2)
Title
The system syslog service must log informational and more severe SMTP service messages. (Cat II impact)
Discussion
If informational and more severe SMTP service messages are not logged, malicious activity on the system may go unnoticed.
Check Content
Check the syslog configuration file for mail.crit logging configuration. Procedure: # more /etc/syslog.conf Verify a line similar to one of the following lines is present in syslog.conf is configured so that critical mail log data is logged. (Critical log data may also be captured by a remote log host in accordance with GEN005460.) mail.crit /var/adm/messages *.crit /var/log/messages If syslog is not configured to log critical Sendmail messages, this is a finding.
Fix Text
Edit the syslog.conf file and add a configuration line specifying an appropriate destination for mail.crit syslogs.
Additional Identifiers
Rule ID: SV-836r2_rule
Vulnerability ID: V-836
Group Title: GEN004460
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000126 |
The organization determines that the organization-defined subset of the auditable events defined in AU-2 are to be audited within the information system. |
Controls
Number | Title |
---|---|
AU-2 |
Audit Events |