Permissions have been changed on the /usr/sbin/esx* utilities

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15805	ESX0160	SV-16744r1_rule		Medium

Description
Configuring virtual switches may be performed by using predefined ESX Server commands. These commands are located in the /usr/bin of the file system hierarchy. Since these commands can create, disable, and modify existing configurations, they will be restricted to the root user only. If other users were able to access these commands, inadvertent changes could potentially disable a virtual network.

Description

Configuring virtual switches may be performed by using predefined ESX Server commands. These commands are located in the /usr/bin of the file system hierarchy. Since these commands can create, disable, and modify existing configurations, they will be restricted to the root user only. If other users were able to access these commands, inadvertent changes could potentially disable a virtual network.

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-16027r1_chk )
Logon to the ESX Server service console, and perform the following to review the permissions on the esx* utilities. # ls -lL /usr/sbin/esx* \| less All permissions here should be 500 except for esxcfg-auth and esxupdate which should be 544. If they are not the correct permissions, this is a finding.

Fix Text (F-15748r1_fix)
Change the permissions to all esx* utilities to 500 except for esxcfg-auth and exsupdate which should be 544.