Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must only use remote syslog servers (log hosts) justified and documented using site-defined procedures.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| GEN005460-ESXI5-000060 | GEN005460-ESXI5-000060 | GEN005460-ESXI5-000060_rule | Medium |
| Description |
|---|
| If a remote log host is in use and it has not been justified and documented with the IAO, sensitive information could be obtained by unauthorized users without the SA's knowledge. A remote log host is any host to which the system is sending syslog messages over a network. |
| STIG | Date |
|---|---|
| VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-GEN005460-ESXI5-000060_chk ) |
|---|
| Verify that the vSphere Syslog Collector syslog host has been justified and documented with the IAO. From the vSphere Client: Select the host and click "Configuration >> Advanced Settings >> Syslog >> Global". Verify that the 'Syslog.global.logHost' is set to the (site-specific) syslog server hostname. If the 'Syslog.global.logHost' is not justified and documented with the IAO, this is a finding. |
| Fix Text (F-GEN005460-ESXI5-000060_fix) |
|---|
| Step 1: Verify that the vSphere Syslog Collector syslog host has been configured. If not, install/enable the vSphere Syslog Collector. Step 2: From the vSphere Client: Select the host and click "Configuration >> Advanced Settings >> Syslog >> Global". Step 3: Set 'Syslog.global.logHost' to the syslog server hostname justified and documented with the IAO. |