Solved: Auditing in vSphere

Kirizan · ‎02-22-2010

Hello all,

I am going through the disa requirements for ESX servers, and I came accross

GEN002660 and the related requirements. In 3.5 it seems you could us LAuS to satisfy this requirment, but I do not see the libraries for LAuS located on the ESX 4.0 cd. Is there a new way to audit the following items; failed attempts to access files and programs, files being deleted, administrative privileged and security actions, and the such? Thank you in advance for the help.

kirklarsen · ‎02-24-2010

Hi,

LAuS has been replaced by the auditd package and it provides the same functionality. I'm pretty sure auditd didn't ship with the original 4.0 product, but it has been added in either a patch or update 1.

--Ksl

View solution in original post

kirklarsen · ‎02-24-2010

Hi,

LAuS has been replaced by the auditd package and it provides the same functionality. I'm pretty sure auditd didn't ship with the original 4.0 product, but it has been added in either a patch or update 1.

--Ksl

Texiwill · ‎02-24-2010

Hello,

DISA knows about LaUS and Auditd and it's test are based on kernel version. But auditd is not enabled by default.

Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

All

Auditing in vSphere