STIGQter: STIG Summary: VMware vSphere 6.5 ESXi Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021:

The ESXi host must produce audit records containing information to establish what type of events occurred.

DISA Rule

SV-207631r378616_rule

Vulnerability Number

V-207631

Group Title

SRG-OS-000037-VMM-000150

Rule Version

ESXI-65-000030

Severity

CAT III

CCI(s)

CCI-000130 - The information system generates audit records containing information that establishes what type of event occurred.

Weight

Fix Recommendation

From the vSphere Web Client select the ESXi Host and go to Configure >> System >> Advanced System Settings. Click Edit and select the Config.HostAgent.log.level value and configure it to "info".

or

From a PowerCLI command prompt while connected to the ESXi host run the following commands:

Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level | Set-AdvancedSetting -Value "info"

Check Contents

From the vSphere Web Client select the ESXi Host and go to Configure >> System >> Advanced System Settings. Select the Config.HostAgent.log.level value and verify it is set to "info".

or

From a PowerCLI command prompt while connected to the ESXi host run the following command:

Get-VMHost | Get-AdvancedSetting -Name Config.HostAgent.log.level

If the Config.HostAgent.log.level setting is not set to info, this is a finding.

Note: Verbose logging level is acceptable for troubleshooting purposes.

Vulnerability Number

V-207631

Documentable

False

Rule Version

ESXI-65-000030

Severity Override Guidance

Check Content Reference

Target Key

2925

The ESXi host must produce audit records containing information to establish what type of events occurred.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments