
Permissions on the configuration and virtual disk files are incorrect.


Overview

Finding ID: V-15787
Version: ESX0050
Rule ID: SV-16726r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
Permissions for the virtual machine files will adhere to VMware’s best practices. The configuration file (.vmx) will be read, write, execute (rwx) for owner, read and execute (r-x) for group, and read (r--) for others (754). The virtual machine’s virtual disk (.vmdk) will be read and write (rw-) for owner (600).
STIG: VMware ESX 3 Server
Date: 2016-05-13

Details

Check Text ( C-15973r1_chk )
On the ESX Server host, perform the following commands on the service console:

# find </vmfs or NFS mount point> -type f -name '*.vmx' -exec ls -Al {} \; | grep -v -- "rwxr-xr--"

Review the results from this command. If a result has permissions that are more restrictive, this is not a finding. Any result that has less restrictive permissions (greater than 754) is a finding. If no result is returned, this is not a finding. Permissions for all .vmx files should be 754 (rwxr-xr--) or more restrictive.
Fix Text (F-15728r1_fix)
Configure .vmx files to 754.
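
An added example, not part of the STIG text: a service-console shell function that applies the Description's limits to both file types, reporting any .vmx that grants a permission bit outside 754 and any .vmdk that grants one outside 600. It assumes GNU stat, treats "more restrictive" as "sets no bit that the limit lacks", and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the STIG): report VM files that grant any permission
# bit outside the allowed maximum (.vmx <= 754, .vmdk <= 600).
# Assumes GNU stat (stat -c '%a'), as on a Linux-based service console.

# mode_within MODE MAX: succeed when octal MODE sets no bit that MAX lacks.
# Setuid, setgid and sticky bits are never part of MAX, so they always fail.
mode_within() {
    [ $(( 0$1 & ~0$2 & 07777 )) -eq 0 ]
}

# audit_vm_perms ROOT: print "FINDING <mode> <max> <path>" per violating file.
# Files at or below the limit (for example a 700 .vmx) produce no output,
# so every printed line needs attention.
audit_vm_perms() {
    find "$1" -type f \( -name '*.vmx' -o -name '*.vmdk' \) -print |
    while IFS= read -r f; do
        case "$f" in
            *.vmx)  max=754 ;;
            *.vmdk) max=600 ;;
        esac
        mode=$(stat -c '%a' "$f") || continue
        mode_within "$mode" "$max" || echo "FINDING $mode $max $f"
    done
}

# Stand-alone use: sh audit.sh <datastore root>
if [ "$#" -gt 0 ]; then
    audit_vm_perms "$1"
fi
```

A mode such as 660 is reported for a .vmx even though it is numerically below 754, because it grants group write.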