STIGQter STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The system syslog service must log informational and more severe SMTP service messages.

DISA Rule

SV-99189r1_rule

Vulnerability Number

V-88539

Group Title

SRG-OS-000096-GPOS-00050

Rule Version

VROM-SL-000575

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Edit the "/etc/syslog-ng/syslog-ng.conf" file and add the following log entries:

filter f_mailinfo { level(info) and facility(mail); };
filter f_mailwarn { level(warn) and facility(mail); };
filter f_mailerr { level(err, crit) and facility(mail); };
filter f_mail { facility(mail); };

destination mailinfo { file("/var/log/mail.info"); };
log { source(src); filter(f_mailinfo); destination(mailinfo); };

destination mailwarn { file("/var/log/mail.warn"); };
log { source(src); filter(f_mailwarn); destination(mailwarn); };

destination mailerr { file("/var/log/mail.err" fsync(yes)); };
log { source(src); filter(f_mailerr); destination(mailerr); };

Check Contents

Check the "/etc/syslog-ng/syslog-ng.conf" file for the following log entries:

filter f_mailinfo { level(info) and facility(mail); };
filter f_mailwarn { level(warn) and facility(mail); };
filter f_mailerr { level(err, crit) and facility(mail); };
filter f_mail { facility(mail); };

If any of the above log entries are present, this is not a finding.

Vulnerability Number

V-88539

Documentable

False

Rule Version

VROM-SL-000575

Severity Override Guidance

Check the "/etc/syslog-ng/syslog-ng.conf" file for the following log entries:

filter f_mailinfo { level(info) and facility(mail); };
filter f_mailwarn { level(warn) and facility(mail); };
filter f_mailerr { level(err, crit) and facility(mail); };
filter f_mail { facility(mail); };

If any of the above log entries are present, this is not a finding.

Check Content Reference

M

Target Key

3461

Comments