
The Photon operating system must be configured to offload audit logs to a syslog server.


Overview

Finding ID: V-239072
Version: PHTN-67-000129
Rule ID: SV-239072r840145_rule
IA Controls: (none)
Severity: Medium
Description
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000447-GPOS-00201
STIG: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide
Date: 2022-06-17

Details

Check Text (C-42283r675022_chk)
At the command prompt, execute the following command:

# grep -v "^#" /etc/vmware-syslog/stig-services-auditd.conf

Expected result:

input(type="imfile" File="/var/log/audit/audit.log"
Tag="auditd"
Severity="info"
Facility="local0")

If the file does not exist, this is a finding.

If the output of the command does not match the expected result above, this is a finding.
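
The manual check above can be scripted for repeated use. The following shell functions are an added example, not part of the STIG or of VMware's tooling; the function names and return codes are assumptions, and the comparison trims leading and trailing whitespace and blank lines, which is slightly more lenient than a byte-for-byte match.

```shell
#!/bin/sh
# Added example: automates the check text for PHTN-67-000129.
# Function names and return codes are illustrative assumptions.

# Default path comes from the check text; an argument overrides it for testing.
CONF_DEFAULT="/etc/vmware-syslog/stig-services-auditd.conf"

# The expected result from the check text, one line per directive.
expected_conf() {
cat <<'EOF'
input(type="imfile" File="/var/log/audit/audit.log"
Tag="auditd"
Severity="info"
Facility="local0")
EOF
}

# Drop comment lines (same filter as the check's grep -v "^#"), then trim
# surrounding whitespace and blank lines so cosmetic spacing differences
# do not produce a false finding.
normalize() {
    grep -v '^#' | sed -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*//' -e '/^$/d'
}

# Returns 0 = not a finding, 1 = content mismatch, 2 = file missing.
check_auditd_offload() {
    conf="${1:-$CONF_DEFAULT}"
    if [ ! -f "$conf" ]; then
        echo "FINDING: $conf does not exist"
        return 2
    fi
    actual=$(normalize < "$conf")
    want=$(expected_conf | normalize)
    if [ "$actual" = "$want" ]; then
        echo "PASS: $conf matches the expected imfile input"
        return 0
    fi
    echo "FINDING: $conf differs from the expected result"
    return 1
}
```

Source the file and call `check_auditd_offload` with no argument to test the path named in the check text.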

Fix Text (F-42242r840144_fix)
Open /etc/vmware-syslog/stig-services-auditd.conf with a text editor.

Create the file if it does not exist.

Set the contents of the file as follows:

input(type="imfile" File="/var/log/audit/audit.log"
Tag="auditd"
Severity="info"
Facility="local0")