Details

Remote access can be exploited by an attacker to compromise the server. By recording all remote access activities, it will be possible to determine the attacker’s location, intent, and degree of success.

VAMI uses the ‘mod_accesslog’ module to log information relating to remote requests. These logs can then be piped to external monitoring systems.

Satisfies: SRG-APP-000016-WSR-000005

Solution

Navigate to and open /opt/vmware/etc/lighttpd/lighttpd.conf.

Add the following value in the ‘server.modules’ section:

mod_accesslog

The result should be similar to the following:

server.modules = (
‘mod_access’,
‘mod_accesslog’,
‘mod_proxy’,
‘mod_cgi’,
‘mod_rewrite’,
‘mod_magnet’,
‘mod_setenv’,
# 7
)

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control, Audit and Accountability.This control applies to the following type of system Unix.

References

• 800-53|AC-17(1)
• 800-53|AU-14(2)
• CAT|II
• CCI|CCI-000067
• CCI|CCI-001462
• Rule-ID|SV-239718r679338_rule
• STIG-ID|VCLD-67-000004
• Vuln-ID|V-239718

Source

• Tenable.com/audits