VAMI must produce log records containing sufficient information to establish what type of events occurred.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-239720	VCLD-67-000006	SV-239720r679270_rule		Medium

Description
After a security incident has occurred, investigators will often review log files to determine what happened. Understanding what type of event occurred is critical for investigation of a suspicious event. Satisfies: SRG-APP-000095-WSR-000056, SRG-APP-000096-WSR-000057, SRG-APP-000097-WSR-000058, SRG-APP-000098-WSR-000059, SRG-APP-000099-WSR-000061, SRG-APP-000100-WSR-000064, SRG-APP-000374-WSR-000172, SRG-APP-000375-WSR-000171

Description

After a security incident has occurred, investigators will often review log files to determine what happened. Understanding what type of event occurred is critical for investigation of a suspicious event. Satisfies: SRG-APP-000095-WSR-000056, SRG-APP-000096-WSR-000057, SRG-APP-000097-WSR-000058, SRG-APP-000098-WSR-000059, SRG-APP-000099-WSR-000061, SRG-APP-000100-WSR-000064, SRG-APP-000374-WSR-000172, SRG-APP-000375-WSR-000171

STIG	Date
VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide	2021-04-15

Details

Check Text ( C-42953r679268_chk )
At the command prompt, execute the following command: # grep "^accesslog.format" /opt/vmware/etc/lighttpd/lighttpd.conf The default commented, accesslog format is acceptable for this requirement. No output should be returned. If the command returns any output, this is a finding.

Fix Text (F-42912r679269_fix)
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf. Comment any existing accesslog.format lines by adding a "#" at the beginning of the line.