ESXI-67-000030 – The ESXi host must produce audit records containing information to establish what type of events occurred.

Details

Without establishing what types of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.

Satisfies: SRG-OS-000037-VMM-000150, SRG-OS-000063-VMM-000310

Solution

From the vSphere Client, select the ESXi Host and go to Configure >> System >> Advanced System Settings.

Click ‘Edit’, select the ‘Config.HostAgent.log.level’ value, and configure it to ‘info’.

From a PowerCLI command prompt while connected to the ESXi host, run the following commands:

Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level | Set-AdvancedSetting -Value ‘info’

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Audit and Accountability.This control applies to the following type of system VMware.

References

800-53|AU-3
800-53|AU-12b.
CAT|III
CCI|CCI-000130
CCI|CCI-000171
Rule-ID|SV-239285r674784_rule
STIG-ID|ESXI-67-000030
STIG-Legacy|SV-104093
STIG-Legacy|V-94007
Vuln-ID|V-239285

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles