ESXI-06-000030 – The system must produce audit records containing information to establish what type of events occurred.

Details

Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.

Solution

From the vSphere Client select the ESXi Host and go to Configuration >> Advanced Settings. Select the Config.HostAgent.log.level value and configure it to info.

From a PowerCLI command prompt while connected to the ESXi host run the following commands:

Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level | Set-AdvancedSetting -Value ‘info’

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system VMware.

References

800-53|AU-3
CAT|III
CCI|CCI-000130
Group-ID|V-63229
Rule-ID|SV-77719r1_rule
STIG-ID|ESXI-06-000030
Vuln-ID|V-63229

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles