Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Envoy log files must be shipped via syslog to a central log server.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-256744 | VCRP-70-000008 | SV-256744r889170_rule | Medium |
| Description |
|---|
| Envoy rsyslog configuration is included in the "VMware-visl-integration" package and unpacked to "/etc/vmware-syslog/vmware-services-envoy.conf". Ensuring the package hashes are as expected also ensures the shipped rsyslog configuration is present and unmodified. |
| STIG | Date |
|---|---|
| VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide | 2023-02-21 |
Details
| Check Text ( C-60419r889168_chk ) |
|---|
| At the command prompt, run the following command: # rpm -V VMware-visl-integration|grep vmware-services-envoy.conf|grep "^..5......" If the command returns any output, this is a finding. |
| Fix Text (F-60362r889169_fix) |
|---|
| Navigate to and open: /etc/vmware-syslog/vmware-services-envoy.conf Create the file if it does not exist. Set the contents of the file as follows: #envoy service log input(type="imfile" File="/var/log/vmware/envoy/envoy.log" Tag="envoy-main" Severity="info" Facility="local0") #envoy access log input(type="imfile" File="/var/log/vmware/envoy/envoy-access.log" Tag="envoy-access" Severity="info" Facility="local0") |