STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must off-load audit records onto a different system or media from the system being audited.

DISA Rule

SV-100433r1_rule

Vulnerability Number

V-89783

Group Title

SRG-OS-000342-GPOS-00133

Rule Version

VRAU-SL-001060

Severity

CAT III

CCI(s)

CCI-001851 - The information system off-loads audit records per organization-defined frequency onto a different system or media than the system being audited.

Weight

Fix Recommendation

Edit the syslog configuration file and add an appropriate remote syslog server:

In the /etc/syslog-ng/syslog-ng.conf file, the remote logging entries must be uncommented and the IP address must be modified to point to the remote syslog server:

#
# Enable this and adopt IP to send log messages to a log server.
#
destination logserver { udp("x.x.x.x" port(514)); };
log { source(src); destination(logserver); };

Note: Replace x.x.x.x with the appropriate IP address.

Check Contents

Check the syslog configuration file for remote syslog servers:

# cat /etc/syslog-ng/syslog-ng.conf | grep logserver

If no line is returned, or "logserver" is commented out, this is a finding.

Vulnerability Number

V-89783

Documentable

False

Rule Version

VRAU-SL-001060

Severity Override Guidance

Check the syslog configuration file for remote syslog servers:

# cat /etc/syslog-ng/syslog-ng.conf | grep logserver

If no line is returned, or "logserver" is commented out, this is a finding.

Check Content Reference

Target Key

3459

The SLES for vRealize must off-load audit records onto a different system or media from the system being audited.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments