UCF STIG Viewer Logo

VAMI must produce log records containing sufficient information to establish what type of events occurred.


Overview

Finding ID Version Rule ID IA Controls Severity
V-239720 VCLD-67-000006 SV-239720r816789_rule Medium
Description
After a security incident has occurred, investigators will often review log files to determine what happened. Understanding what type of event occurred is critical for investigation of a suspicious event. Satisfies: SRG-APP-000095-WSR-000056, SRG-APP-000096-WSR-000057, SRG-APP-000097-WSR-000058, SRG-APP-000098-WSR-000059, SRG-APP-000099-WSR-000061, SRG-APP-000100-WSR-000064, SRG-APP-000374-WSR-000172, SRG-APP-000375-WSR-000171
STIG Date
VMware vSphere 6.7 VAMI-lighttpd Security Technical Implementation Guide 2022-01-03

Details

Check Text ( C-42953r816788_chk )
Note: The below command must be run from a bash shell and not from a shell generated by the "appliance shell". Use the "chsh" command to change the shell for the account to "/bin/bash".

At the command prompt, execute the following command:

# grep "^accesslog.format" /opt/vmware/etc/lighttpd/lighttpd.conf

The default commented, accesslog format is acceptable for this requirement. No output should be returned.

If the command returns any output, this is a finding.
Fix Text (F-42912r679269_fix)
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Comment any existing accesslog.format lines by adding a "#" at the beginning of the line.