← Back to VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide

V-256743

CAT II (Medium)

Envoy (rhttpproxy) log files must be shipped via syslog to a central log server.

Rule ID

SV-256743r889167_rule

STIG

VMware vSphere 7.0 vCenter Appliance RhttpProxy Security Technical Implementation Guide

Version

V1R1

CCIs

CCI-001851

Discussion

Envoy produces several logs that must be offloaded from the originating system. This information can then be used for diagnostic purposes, forensics purposes, or other purposes relevant to ensuring the availability and integrity of the hosted application. Envoy (rhttpproxy) rsyslog configuration is included in the "VMware-visl-integration" package and unpacked to "/etc/vmware-syslog/vmware-services-rhttpproxy.conf". Ensuring the package hashes are as expected also ensures the shipped rsyslog configuration is present and unmodified.

Check Content

At the command prompt, run the following command: 
 
# rpm -V VMware-visl-integration|grep vmware-services-rhttpproxy.conf|grep "^..5......" 
 
If the command returns any output, this is a finding.

Fix Text

Navigate to and open: 
 
/etc/vmware-syslog/vmware-services-rhttpproxy.conf 
 
Create the file if it does not exist. 
 
Set the contents of the file as follows: 
 
#rhttpproxy log 
input(type="imfile" 
      File="/var/log/vmware/rhttpproxy/rhttpproxy.log" 
      Tag="rhttpproxy-main" 
      Severity="info" 
      Facility="local0")