The vCenter VAMI service must generate information to monitor remote access.

An XCCDF Rule

Details
Profiles

Description

Remote access can be exploited by an attacker to compromise the server. By recording all remote access activities, it will be possible to determine the attacker's location, intent, and degree of success. VAMI uses the "mod_accesslog" module to log information relating to remote requests. These logs can then be piped to external monitoring systems.

ID: SV-259139r1003691_rule
Version: VCLD-80-000005
Severity: Medium
References: CCI-000067
Updated: about 2 months ago

Remediation Templates

Navigate to and open:

/opt/vmware/etc/lighttpd/applmgmt-lighttpd.conf

Add the following value in the "server.modules" section:
mod_accesslog

The result should be similar to the following:

server.modules += ("mod_accesslog", "mod_cgi", "mod_magnet", "mod_rewrite")

Restart the service with the following command:

# systemctl restart cap-lighttpd

The vCenter VAMI service must generate information to monitor remote access.

Description

Remediation Templates

A Manual Procedure