STIGQter: STIG Summary: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021

The Photon operating system must have sshd authentication logging enabled.

DISA Rule

SV-239079r675045_rule

Vulnerability Number

V-239079

Group Title

SRG-OS-000032-GPOS-00013

Rule Version

PHTN-67-000007

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open /etc/rsyslog.conf with a text editor and locate the following line:

$IncludeConfig /etc/vmware-syslog/syslog.conf

Ensure that the following entry is put beneath the stated line and before the "# vmware services" line.

authpriv.* /var/log/audit/sshinfo.log

If the following line is at the end of the file, it must be removed or commented out:

auth.* /var/log/auth.log

At the command line, execute the following commands:

# systemctl restart syslog
# service sshd reload

Check Contents

At the command line, execute the following command:

# grep "^authpriv" /etc/rsyslog.conf

Expected result:

authpriv.* /var/log/audit/sshinfo.log

If the command does not return any output, this is a finding.
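
The check above only confirms that an authpriv line exists. The following added example (not part of the STIG; the function names are hypothetical) goes further and also verifies the placement and the removed auth.* line described in the Fix Recommendation:

```shell
#!/bin/sh
# Added example, not part of the STIG. Function names are hypothetical.
# Usage: check_sshd_auth_logging /etc/rsyslog.conf

# Constructed sample of a compliant fragment (not a real Photon OS file).
sample_conf() {
    printf '%s\n' \
        '$IncludeConfig /etc/vmware-syslog/syslog.conf' \
        'authpriv.* /var/log/audit/sshinfo.log' \
        '# vmware services'
}

# Returns 0 when FILE matches the Fix Recommendation, 1 otherwise.
# FINDING   = the Check Contents condition (no active authpriv entry).
# DEVIATION = entry present, but placement or cleanup differs from the fix text.
check_sshd_auth_logging() {
    conf=${1:-/etc/rsyslog.conf}
    [ -r "$conf" ] || { echo "FINDING: cannot read $conf"; return 1; }
    awk '
        { sub(/[ \t\r]+$/, "") }    # ignore trailing whitespace and CR
        /^\$IncludeConfig[ \t]+\/etc\/vmware-syslog\/syslog\.conf$/ { if (!inc) inc = NR }
        /^authpriv\.\*[ \t]+\/var\/log\/audit\/sshinfo\.log$/ { if (!ap) ap = NR }
        /^[#] vmware services/ { if (!svc) svc = NR }
        /^auth\.\*[ \t]+\/var\/log\/auth\.log$/ { legacy = NR }
        END {
            if (!ap) { print "FINDING: no authpriv.* /var/log/audit/sshinfo.log entry"; rc = 1 }
            else if (!inc || ap < inc) { print "DEVIATION: authpriv entry is not beneath the $IncludeConfig line"; rc = 1 }
            else if (svc && ap > svc) { print "DEVIATION: authpriv entry is after \"# vmware services\""; rc = 1 }
            if (legacy) { print "DEVIATION: active auth.* /var/log/auth.log on line " legacy; rc = 1 }
            exit rc + 0
        }
    ' "$conf"
}
```

A commented-out auth.* line passes, matching the fix text's "removed or commented out".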

Documentable

False

Severity Override Guidance

At the command line, execute the following command:

# grep "^authpriv" /etc/rsyslog.conf

Expected result:

authpriv.* /var/log/audit/sshinfo.log

If the command does not return any output, this is a finding.

Check Content Reference

M

Target Key

5323
