VAMI must be configured to monitor remote access.

An XCCDF Rule

Description

Remote access can be exploited by an attacker to compromise the server. By recording all remote access activities, it will be possible to determine the attacker's location, intent, and degree of success. VAMI uses the "mod_accesslog" module to log information relating to remote requests. These logs can then be piped to external monitoring systems. Satisfies: SRG-APP-000016-WSR-000005, SRG-APP-000093-WSR-000053

ID: SV-256648r888466_rule
Version: VCLD-70-000004
Severity: Medium
References: CCI-000067 CCI-001462
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/opt/vmware/etc/lighttpd/lighttpd.conf

Add the following value in the "server.modules" section:
mod_accesslog

The result should be similar to the following:

    server.modules                    = (
        "mod_access",
        "mod_accesslog",
        "mod_proxy",
        "mod_cgi",
        "mod_rewrite",
        "mod_magnet",
        "mod_setenv",
    )

Restart the service with the following command:

# vmon-cli --restart applmgmt

VAMI must be configured to monitor remote access.

Description

Remediation Templates

A Manual Procedure