Check: HRZV-7X-000015
VMware Horizon 7.13 Connection Server STIG:
HRZV-7X-000015
(in versions v1 r2 through v1 r1)
Title
The Horizon Connection Server must offload events to a central log server in real time. (Cat II impact)
Discussion
Information system logging capability is critical for accurate forensic analysis. Centralized management of log records provides for efficiency in maintenance and management of records, as well as the backup and archiving of those records. The Horizon Connection Server can be configured to send all events to a syslog receiver. Multiple servers can be configured but only the UDP protocol is supported at this time. Satisfies: SRG-APP-000358-AS-000064, SRG-APP-000515-AS-000203
Check Content
Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Event Configuration. The configured syslog servers are located in the right pane under "Syslog". If there are no valid syslog servers configured, this is a finding.
Fix Text
Log in to the Horizon 7 Console. From the left pane, navigate to Settings >> Event Configuration. In the right pane, under "Syslog", click "Add". Enter the address of your central log server and configure the port if necessary. Click "OK". Add other servers as necessary.
Additional Identifiers
Rule ID: SV-246896r879731_rule
Vulnerability ID: V-246896
Group Title: SRG-APP-000358-AS-000064
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001851 |
Transfer audit logs per organization-defined frequency to a different system, system component, or media than the system or system component conducting the logging. |
Controls
Number | Title |
---|---|
AU-4(1) |
Transfer to Alternate Storage |