The Photon operating system must enable the rsyslog service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-258901 | PHTN-40-000242 | SV-258901r933764_rule | CCI-000366 | medium |

| Description |
|---|
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |

| STIG | Date |
|---|---|
| VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide | 2023-10-29 |
Details
Check Text (C-258901r933764_chk)
If another package is used to offload logs, such as syslog-ng, and is properly configured, this is not applicable.
At the command line, run the following command to verify rsyslog is enabled and running:
# systemctl status rsyslog
If the rsyslog service is not enabled and running, this is a finding.
Fix Text (F-62550r933763_fix)
At the command line, run the following commands:
# systemctl enable rsyslog
# systemctl start rsyslog
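
The check above can be scripted so that "enabled" and "running" are evaluated separately. This is an added example, not part of the STIG text. The SYSTEMCTL and ALT_UNIT variables, the syslog-ng unit name and the result labels are assumptions of this sketch.

```sh
#!/bin/sh
# Added example for PHTN-40-000242; not part of the STIG text.
# SYSTEMCTL and ALT_UNIT are assumptions of this sketch: SYSTEMCTL lets the
# logic be exercised with a stub, ALT_UNIT names the alternative log forwarder.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
ALT_UNIT="${ALT_UNIT:-syslog-ng}"

# Prints NOT_A_FINDING, MANUAL_REVIEW or FINDING plus the observed states.
# Returns 0 only when rsyslog is both enabled and running.
check_rsyslog() {
    unit="${1:-rsyslog}"
    # Both subcommands exit non-zero for states such as disabled or inactive;
    # capture the printed state and ignore the exit status.
    enabled=$($SYSTEMCTL is-enabled "$unit" 2>/dev/null) || true
    active=$($SYSTEMCTL is-active "$unit" 2>/dev/null) || true
    detail="enabled=${enabled:-unknown} active=${active:-unknown}"

    # Accept only the persistent state "enabled"; "enabled-runtime" is lost at
    # reboot, and "disabled" or "masked" fail the check.
    if [ "$enabled" = "enabled" ] && [ "$active" = "active" ]; then
        echo "NOT_A_FINDING $detail"
        return 0
    fi

    # The check is not applicable when another forwarder is used and properly
    # configured. Configuration quality cannot be judged here, so a running
    # alternative is only flagged for a reviewer.
    alt=$($SYSTEMCTL is-active "$ALT_UNIT" 2>/dev/null) || true
    if [ "$alt" = "active" ]; then
        echo "MANUAL_REVIEW $detail $ALT_UNIT=active"
        return 2
    fi

    echo "FINDING $detail"
    return 1
}

# Run the check only when asked, e.g.: sh check_rsyslog.sh --run
if [ "${1:-}" = "--run" ]; then
    check_rsyslog
fi
```

A service that is running but not enabled passes a casual look at the status output and still stops forwarding logs after the next reboot, which is why the two states are tested independently.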