The Horizon Connection Server must protect log files from unauthorized access.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-246895 | HRZV-7X-000014 | SV-246895r768645_rule | Medium |
| Description |
|---|
| Error logs can contain sensitive information about system errors and system architecture that need to be protected from unauthorized access and modification. By default, Horizon Connection Server logs are only accessible by local windows Administrators. This configuration must be verified and maintained. |
| STIG | Date |
|---|---|
| VMware Horizon 7.13 Connection Server Security Technical Implementation Guide | 2021-07-30 |
Details
| Check Text ( C-50327r768643_chk ) |
|---|
| On the Horizon Connection Server, navigate to "C:\ProgramData\VMware\VDM". Right-click the "logs" folder and select "Properties". Change to the "Security" tab. By default, only built-in system accounts such as "SYSTEM" and "NETWORK SERVICE" plus the local "Administrators" group have access to the "logs" folder. If any other groups have any permissions on this folder, this is a finding. |
| Fix Text (F-50281r768644_fix) |
|---|
| On the Horizon Connection Server, navigate to "C:\ProgramData\VMware\VDM". Right-click the "logs" folder and select "Properties". Change to the "Security" tab. Click "Edit…". Highlight any groups or users that are not built-in system administrative accounts or the local "Administrators" group. Click "Remove". Click "OK". Click "OK". |