The vCenter VAMI service must generate information to monitor remote access.

An XCCDF Rule

Description

<VulnDiscussion>Remote access can be exploited by an attacker to compromise the server. By recording all remote access activities, it will be possible to determine the attacker's location, intent, and degree of success. VAMI uses the "mod_accesslog" module to log information relating to remote requests. These logs can then be piped to external monitoring systems.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-259139r1003691_rule
Severity: Medium
References: CCI-000067
Updated: 19 days ago

Navigate to and open:

/opt/vmware/etc/lighttpd/applmgmt-lighttpd.conf

Add the following value in the "server.modules" section:
mod_accesslog

The result should be similar to the following:

server.modules += ("mod_accesslog", "mod_cgi", "mod_magnet", "mod_rewrite")

Restart the service with the following command:

# systemctl restart cap-lighttpd

The vCenter VAMI service must generate information to monitor remote access.

Description

Remediation - Manual Procedure