Detections
Analytics
PHTN-67-000129 - The Photon operating system must be configured to offload audit logs to a syslog server.
Information
Information stored in one location is vulnerable to accidental or incidental deletion or alteration.Offloading is a common process in information systems with limited audit storage capacity.
Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000447-GPOS-00201
Solution
Open /etc/vmware-syslog/stig-services-auditd.conf with a text editor.Create the file if it does not exist.
Set the contents of the file as follows:
input(type='imfile' File='/var/log/audit/audit.log'
Tag='auditd'
Severity='info'
Facility='local0')
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip
Item Details
Audit Name: DISA STIG VMware vSphere 6.7 Photon OS v1r6
Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY
References: 800-53|AU-4(1), 800-53|SI-6d., CAT|II, CCI|CCI-001851, CCI|CCI-002702, Rule-ID|SV-239072r877390_rule, STIG-ID|PHTN-67-000129, Vuln-ID|V-239072
Plugin: Unix
Control ID: 96af6c4e7a8543b83f778a6b02986427f930c029e990696382f6395eb0619a4d