Detections
Analytics
VCLD-80-000005 The vCenter VAMI service must generate information to monitor remote access.
Information
Remote access can be exploited by an attacker to compromise the server. By recording all remote access activities, it will be possible to determine the attacker's location, intent, and degree of success.VAMI uses the "mod_accesslog" module to log information relating to remote requests. These logs can then be piped to external monitoring systems.
Solution
Navigate to and open:/opt/vmware/etc/lighttpd/applmgmt-lighttpd.conf
Add the following value in the "server.modules" section:
mod_accesslog
The result should be similar to the following:
server.modules += ("mod_accesslog", "mod_cgi", "mod_magnet", "mod_rewrite")
Restart the service with the following command:
# systemctl restart cap-lighttpd
See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_8-0_Y24M08_STIG.zip
Item Details
Category: ACCESS CONTROL
References: 800-53|AC-17(1), CAT|II, CCI|CCI-000067, Rule-ID|SV-259139r1003691_rule, STIG-ID|VCLD-80-000005, Vuln-ID|V-259139
Plugin: Unix
Control ID: 16c2c7c370a57a8255e8e7725a7da8293be2d17dcb52ee745e63aeb8f7f7b1dc