
Virtual machine moves are not logged from one physical server to another.


Overview

Finding ID: V-15901
Version: ESX1050
Rule ID: SV-16843r1_rule
IA Controls: ECAR-1, ECAR-2, ECAR-3
Severity: Medium
Description
Virtual machines can be moved from one host to another much as a normal file is copied. This portability gives rise to a host of security problems: in the virtual machine world, the trusted computing base of a virtual machine consists of every host it has ever run on. If no history is maintained for each virtual machine, it becomes very difficult to determine how far a security compromise has extended once the virtual machine has been moved several times.
STIG: VMware ESX 3 Server
Date: 2016-05-13

Details

Check Text ( C-16261r1_chk )
Ask the IAO/SA whether VMotion is used to migrate virtual machines from one ESX Server host to another. If not, this is Not Applicable. If so, perform the following on the ESX Server service console:

# grep -in vmotion /var/log/vmware/vpx/vpxa*.log

If the logs are compressed, perform the following:

# zcat /var/log/vmware/vpx/vpxa*.log.gz | grep -i vmotion

If no result is returned, this is a finding.
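The two commands above are a manual check. The script below is an added example, not part of the STIG text or of any VMware tool: it runs the same grep over both the plain vpxa*.log files and the gzip-rotated vpxa*.log.gz files in a directory, prefixes each hit with file and line number, and reports the result in the finding / not-a-finding terms the check text defines. The log directory defaults to the path from the check text; the sample log lines written by make_sample_logs are constructed for the demo and do not reproduce the real vpxa log format.

```shell
#!/bin/sh
# Added example for STIG V-15901 (not the STIG's own code): automates the
# check over a directory of vpxa logs, covering plain and gzip-rotated files.
# Assumptions: the log directory layout from the check text
# (/var/log/vmware/vpx/vpxa*.log and vpxa*.log.gz), and that grep, zcat,
# awk and gzip are available on the host running the script.

# Print every VMotion entry as FILE:LINE:TEXT (case-insensitive), reading
# plain logs directly and compressed logs through zcat, as the check does.
list_vmotion_entries() {
    dir="$1"
    for f in "$dir"/vpxa*.log; do
        [ -f "$f" ] || continue
        grep -in vmotion "$f" | awk -v f="$f" '{ print f ":" $0 }'
    done
    for f in "$dir"/vpxa*.log.gz; do
        [ -f "$f" ] || continue
        zcat "$f" | grep -in vmotion | awk -v f="$f" '{ print f ":" $0 }'
    done
}

# Number of VMotion entries found across all matching logs.
count_vmotion_entries() {
    list_vmotion_entries "$1" | wc -l | tr -d ' '
}

# Exit status 0 if at least one VMotion entry exists, 1 otherwise.
check_vmotion_logged() {
    [ "$(count_vmotion_entries "$1")" -gt 0 ]
}

# Human-readable verdict in the check text's terms; returns 1 on a finding.
report_vmotion_check() {
    n=$(count_vmotion_entries "$1")
    if [ "$n" -gt 0 ]; then
        echo "V-15901: not a finding ($n VMotion entries in $1)"
        return 0
    fi
    echo "V-15901: FINDING - no VMotion entries in $1 (applies only if VMotion is in use)"
    return 1
}

# Constructed sample data for the demo: one current log and one rotated,
# gzip-compressed log. The line format is invented and is NOT the real vpxa
# format; only the presence of the string "vmotion" matters to the check.
make_sample_logs() {
    dir="$1"
    printf '%s\n' \
        '[2016-05-13 10:15:02.118 vpxa] Task vm-42: PowerOn started' \
        '[2016-05-13 10:22:41.503 vpxa] VMotion: migrating vm-42 to host esx02' \
        '[2016-05-13 10:23:07.991 vpxa] VMotion: migration of vm-42 completed' \
        > "$dir/vpxa.log"
    printf '%s\n' \
        '[2016-05-12 08:01:13.007 vpxa] vmotion source prepare for vm-17' \
        '[2016-05-12 08:01:20.224 vpxa] Task vm-17: Snapshot created' \
        | gzip -c > "$dir/vpxa-0.log.gz"
}

case "${1:-}" in
    --demo)
        d=$(mktemp -d)
        make_sample_logs "$d"
        list_vmotion_entries "$d"
        report_vmotion_check "$d"
        rm -rf "$d"
        ;;
    "")
        echo "usage: $0 --demo | $0 /var/log/vmware/vpx" >&2
        ;;
    *)
        report_vmotion_check "$1"
        ;;
esac
```

Run it as `sh check_v15901.sh /var/log/vmware/vpx` on the service console, or with `--demo` to see it against the constructed logs. Note what the check can and cannot prove: a hit shows that vpxa recorded at least one migration still present on this host, while logs that have already rotated off the host are not examined, so on a host where VMotion is in use a clean result remains a finding exactly as the check text states.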

Fix Text (F-15862r1_fix)
Log all VMotion migrations.