VAMI must produce log records containing sufficient information to establish what type of events occurred.
DISA Rule
SV-239720r679270_rule
Vulnerability Number
V-239720
Group Title
SRG-APP-000095-WSR-000056
Rule Version
VCLD-67-000006
Severity
CAT II
CCI(s)
- CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.
- CCI-000131 - The information system generates audit records containing information that establishes when an event occurred.
- CCI-000132 - The information system generates audit records containing information that establishes where the event occurred.
- CCI-000133 - The information system generates audit records containing information that establishes the source of the event.
- CCI-000134 - The information system generates audit records containing information that establishes the outcome of the event.
- CCI-001487 - The information system generates audit records containing information that establishes the identity of any individuals or subjects associated with the event.
- CCI-001889 - The information system records time stamps for audit records that meet organization-defined granularity of time measurement.
- CCI-001890 - The information system records time stamps for audit records that can be mapped to Coordinated Universal Time (UTC) or Greenwich Mean Time (GMT).
Weight
10
Fix Recommendation
Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.
Comment out any existing accesslog.format lines by adding a "#" at the beginning of each line.
Check Contents
At the command prompt, execute the following command:
# grep "^accesslog.format" /opt/vmware/etc/lighttpd/lighttpd.conf
The default, commented-out accesslog format is acceptable for this requirement. No output should be returned.
If the command returns any output, this is a finding.
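The check and fix above can be scripted as follows. This is an added example, not part of the STIG text or VMware's tooling; the function names and the `.bak` backup file are assumptions. It is stricter than the page's grep in one respect: lighttpd ignores leading whitespace, so an indented accesslog.format line is still active, and the pattern here catches it.

```shell
#!/bin/sh
# Added example: audit and remediate VCLD-67-000006 on a lighttpd.conf.
# The default path is the one given on the page; pass another path as the
# first argument to work on a copy.
CONF_DEFAULT=/opt/vmware/etc/lighttpd/lighttpd.conf

# Print active (uncommented) accesslog.format lines with their line numbers.
# Exit status 0 = finding (at least one active line), 1 = compliant.
# Matches indented directives too and treats the dot literally.
audit_accesslog_format() {
    grep -nE '^[[:space:]]*accesslog\.format' "${1:-$CONF_DEFAULT}"
}

# Comment out every active accesslog.format line, keeping a backup copy.
fix_accesslog_format() {
    conf="${1:-$CONF_DEFAULT}"
    [ -f "$conf" ] || { echo "missing: $conf" >&2; return 2; }
    cp -p "$conf" "$conf.bak" || return 2
    tmp=$(mktemp) || return 2
    # Write through a temp file, then overwrite the original's contents so
    # its owner and mode are preserved (portable alternative to sed -i).
    sed -E 's/^([[:space:]]*)(accesslog\.format)/\1#\2/' "$conf" > "$tmp" \
        && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (after sourcing this file, as root on the appliance):
#   audit_accesslog_format && fix_accesslog_format
#   audit_accesslog_format || echo "compliant"
```

Re-run the audit after the fix; any remaining output is still a finding.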
Documentable
False
Severity Override Guidance
Check Content Reference
M
Target Key
5335
Comments