Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-239072 | PHTN-67-000129 | SV-239072r717090_rule | Medium |
Description |
---|
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000447-GPOS-00201 |
STIG | Date |
---|---|
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide | 2022-01-03 |
Check Text ( C-42283r675022_chk ) |
---|
At the command prompt, execute the following command: # grep -v "^#" /etc/vmware-syslog/stig-services-auditd.conf Expected result: input(type="imfile" File="/var/log/audit/audit.log" Tag="auditd" Severity="info" Facility="local0") If the file does not exist, this is a finding. If the output of the command does not match the expected result above, this is a finding. |
Fix Text (F-42242r675023_fix) |
---|
Open /etc/vmware-syslog/vmware-syslog/stig-services-auditd.conf with a text editor. Create the file if it does not exist. Set the contents of the file as follows: input(type="imfile" File="/var/log/audit/audit.log" Tag="auditd" Severity="info" Facility="local0") |