The operating system must employ automated mechanisms to alert security personnel of any organization-defined inappropriate or unusual activities with security implications.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| SRG-OS-000214-ESXI5-PF | SRG-OS-000214-ESXI5-PF | SRG-OS-000214-ESXI5-PF_rule | Medium |
| Description |
|---|
| Successful incident response and auditing relies on timely, accurate system information and analysis in order to allow the organization to identify and respond to potential incidents in a proficient manner. Automated alarming mechanisms provide the appropriate personnel with the capability to immediately respond and react to events categorized as unusual or having security implications that could be detrimental to system and/or organizational security. Applicable, but permanent finding - The hypervisor does not support this functionality. - Auditing cannot be configured/implemented like a typical UNIX system. Auditing is turned on by default, as is logging. Syslog is the best way to ensure all access is logged. Access is limited to privileged roles only. In lockdown mode (required), only the vpxuser proxy has access. |
| STIG | Date |
|---|---|
| VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-SRG-OS-000214-ESXI5-PF_chk ) |
|---|
| ESXi does not support this requirement. This is a permanent finding. |
| Fix Text (F-SRG-OS-000214-ESXI5-PF_fix) |
|---|
| This requirement is a permanent finding and cannot be fixed. An appropriate mitigation for the system must be implemented but this finding cannot be considered fixed. |