Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-90275 | VRAU-VA-000645 | SV-100925r1_rule | Medium |
Description |
---|
Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Protecting log data is important during a forensic investigation to ensure investigators can track and understand what may have occurred. Off-loading should be set up as a scheduled task but can be configured to be run manually, if other processes during the off-loading are manual. Off-loading is a common process in information systems with limited log storage capacity. |
STIG | Date |
---|---|
VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide | 2018-10-12 |
Check Text ( C-89967r1_chk ) |
---|
At the command prompt, execute the following command: grep traceFile /opt/vmware/etc/sfcb/sfcb.cfg If the value of "traceFile" is not "syslog', this is a finding. |
Fix Text (F-97017r1_fix) |
---|
Navigate to and open /opt/vmware/etc/sfcb/sfcb.cfg, Configure the sfcb.cfg file with the following value: 'traceFile: syslog' |