Check: ESXI-65-000030
VMware vSphere 6.5 ESXi STIG:
ESXI-65-000030
(in versions v2 r4 through v1 r1)
Title
The ESXi host must produce audit records containing information to establish what type of events occurred. (Cat III impact)
Discussion
Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
Check Content
From the vSphere Web Client select the ESXi Host and go to Configure >> System >> Advanced System Settings. Select the Config.HostAgent.log.level value and verify it is set to "info". or From a PowerCLI command prompt while connected to the ESXi host run the following command: Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level If the Config.HostAgent.log.level setting is not set to info, this is a finding. Note: Verbose logging level is acceptable for troubleshooting purposes.
Fix Text
From the vSphere Web Client select the ESXi Host and go to Configure >> System >> Advanced System Settings. Click Edit and select the Config.HostAgent.log.level value and configure it to "info". or From a PowerCLI command prompt while connected to the ESXi host run the following commands: Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level | Set-AdvancedSetting -Value "info"
Additional Identifiers
Rule ID: SV-207631r378616_rule
Vulnerability ID: V-207631
Group Title: SRG-OS-000037-VMM-000150
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000130 |
The information system generates audit records containing information that establishes what type of event occurred. |
Controls
Number | Title |
---|---|
AU-3 |
Content Of Audit Records |