UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Virtual machine moves are not logged from one physical server to another.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15901 ESX1050 SV-16843r1_rule ECAR-1 ECAR-2 ECAR-3 Medium
Description
Virtual machines may be moved from one computer to another similar to a normal file. This portability gives rise to a host of security problems. In the virtual machine world, the trusted computing base consists of all the hosts that the virtual machine has run on. If no history was maintained for each virtual machine, this can make it very difficult to figure out how far a security compromise has extended if the virtual machine has been moved several times.
STIG Date
VMware ESX 3 Server 2016-05-13

Details

Check Text ( C-16261r1_chk )
Ask the IAO/SA if Vmotion is used to migrate virtual machines from one ESX Server host to another. If not, this is Not Applicable. If so, perform the following on the ESX Server service console:

# grep –in vmotion /var/log/vmware/vpx/vpxa*.log

If the logs are compressed, perform the following:

# zcat /var/log/vmware/vpx/vpxa*.log.gz | grep –i vmotion

If no result is returned, this is a finding.

Fix Text (F-15862r1_fix)
Log all VMotion migrations.