PHTN-67-000129 - The Photon operating system must be configured to offload audit logs to a syslog server.

Information

Information stored in one location is vulnerable to accidental or incidental deletion or alteration.

Offloading is a common process in information systems with limited audit storage capacity.

Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000447-GPOS-00201

Solution

Open /etc/vmware-syslog/stig-services-auditd.conf with a text editor.

Create the file if it does not exist.

Set the contents of the file as follows:

input(type='imfile' File='/var/log/audit/audit.log'
Tag='auditd'
Severity='info'
Facility='local0')

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AU-4(1), 800-53|SI-6d., CAT|II, CCI|CCI-001851, CCI|CCI-002702, Rule-ID|SV-239072r877390_rule, STIG-ID|PHTN-67-000129, Vuln-ID|V-239072

Plugin: Unix

Control ID: 96af6c4e7a8543b83f778a6b02986427f930c029e990696382f6395eb0619a4d