Check: GEN002870
VMware ESX 3 Server:
GEN002870
(in version v1 r2)
Title
The system must be configured to send audit records to a remote audit server. (Cat III impact)
Discussion
Audit records contain evidence that can be used in the investigation of compromised systems. To prevent this evidence from compromise, it must be sent to a separate system continuously. Methods for sending audit records include, but are not limited to, system audit tools used to send logs directly to another host or through the system's syslog service to another host.
Check Content
Consult vendor documentation to determine the settings required for the audit system for sending audit records to a remote system or via syslog. If the system is not configured to provide this function, this is a finding.
Fix Text
Consult vendor documentation for the settings required to configure the system to send audit records to a remote system. Implement the configuration settings.
Additional Identifiers
Rule ID: SV-30025r1_rule
Vulnerability ID: V-24357
Group Title: GEN002870
Expert Comments
CCIs
| Number | Definition |
|---|---|
| CCI-000136 |
The organization centrally manages the content of audit records generated by organization-defined information system components. |
Controls
| Number | Title |
|---|---|
| No controls are assigned to this check |