Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-239112 | PHTN-67-000040 | SV-239112r816625_rule | Medium |
Description |
---|
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Proper configuration of rsyslog ensures that information critical to forensic analysis of security events is available for future action without any manual offloading or cron jobs. Satisfies: SRG-OS-000205-GPOS-00083, SRG-OS-000274-GPOS-00104, SRG-OS-000275-GPOS-00105, SRG-OS-000276-GPOS-00106, SRG-OS-000277-GPOS-00107, SRG-OS-000479-GPOS-00224 |
STIG | Date |
---|---|
VMware vSphere 6.7 Photon OS Security Technical Implementation Guide | 2022-01-03 |
Check Text ( C-42323r816623_chk ) |
---|
At the command line, execute the following command: # cat /etc/vmware-syslog/syslog.conf The output should be similar to the following (*.* or AO approved logging events): *.* @ If no line is returned or if the line is commented or no valid syslog server is specified, this is a finding. OR Navigate to https:// If no site-specific syslog server is configured, this is a finding. |
Fix Text (F-42282r816624_fix) |
---|
Open /etc/vmware-syslog/syslog.conf with a text editor. Remove any existing content and create a new remote server configuration line. For UDP (*.* or AO approved logging events): *.* @ For TCP (*.* or AO approved logging events): *.* @@ OR Navigate to https:// Authenticate and navigate to "Syslog Configuration". Click "Edit" in the top right. Configure a remote syslog server and click "OK". |