ESX Agent Manager must generate log records for system startup and shutdown.

An XCCDF Rule

Details
Profiles

Description

Logging must be started as soon as possible when a service starts and as late as possible when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and stops. Also, by starting to log immediately after a service starts, it becomes more difficult for suspicious activity to go unlogged.

ID: SV-256678r888590_rule
Version: VCEM-70-000006
Severity: Medium
References: CCI-000169
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/etc/vmware/vmware-vmon/svcCfgfiles/eam.json

Below the last line of the "PreStartCommandArg" block, add the following line:
"StreamRedirectFile" : "%VMWARE_LOG_DIR%/vmware/eam/jvm.log",

Restart the appliance for changes to take effect.

ESX Agent Manager must generate log records for system startup and shutdown.

Description

Remediation Templates

A Manual Procedure