The Photon operating system must enable the rsyslog service.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-258901 | PHTN-40-000242 | SV-258901r991589_rule | Medium |
| Description |
| Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Off-loading is a common process in information systems with limited audit storage capacity. |
| STIG | Date |
| VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide | 2024-07-11 |
Details
| Check Text (C-62641r933762_chk) |
| If another package is used to offload logs, such as syslog-ng, and is properly configured, this is not applicable. At the command line, run the following command to verify rsyslog is enabled and running: # systemctl status rsyslog If the rsyslog service is not enabled and running, this is a finding. |
| Fix Text (F-62550r933763_fix) |
| At the command line, run the following commands: # systemctl enable rsyslog # systemctl start rsyslog |