From VMW vRealize Automation 7.x vAMI Security Technical Implementation Guide
Part of SRG-APP-000505-AS-000230
Associated with: CCI-000172
Determining when a user has accessed the management interface is important to determine the timeline of events when a security incident occurs. Generating these events, especially if the management interface is accessed via a stateless protocol like HTTP, the log events will be generated when the user performs a logon (start) and when the user performs a logoff (end). Without these events, the user and later investigators cannot determine the sequence of events and therefore cannot determine what may have happened and by whom it may have been done. The generation of start and end times within log events allow the user to perform their due diligence in the event of a security breach.
At the command prompt, execute the following command: ls /etc/pam_debug If the /etc/pam_debug file does not exist, this is a finding.
At the command prompt, enter the following command: touch /etc/pam_debug
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer