VAMI must generate log records for system startup and shutdown.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-239719	VCLD-67-000005	SV-239719r816787_rule		Medium

Description
Logging must be started as soon as possible when a service starts and when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged.

STIG	Date
VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide	2022-01-03

Details

Check Text ( C-42952r816786_chk )
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash". At the command prompt, execute the following command: # /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf\|grep "server.errorlog" Expected result: server.errorlog = "/opt/vmware/var/log/lighttpd/error.log" If the output does not match the expected result, this is a finding.

Check Text ( C-42952r816786_chk )

Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash".

At the command prompt, execute the following command:

# /opt/vmware/sbin/vami-lighttpd -p -f /opt/vmware/etc/lighttpd/lighttpd.conf|grep "server.errorlog"

Expected result:

server.errorlog = "/opt/vmware/var/log/lighttpd/error.log"

If the output does not match the expected result, this is a finding.

Fix Text (F-42911r679266_fix)
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf. Add or reconfigure the following value: server.errorlog = "/opt/vmware/var/log/lighttpd/error.log"