Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Permissions have been changed on the /usr/sbin/esx* utilities
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15805 | ESX0160 | SV-16744r1_rule | Medium |
| Description |
|---|
| Configuring virtual switches may be performed by using predefined ESX Server commands. These commands are located in the /usr/bin of the file system hierarchy. Since these commands can create, disable, and modify existing configurations, they will be restricted to the root user only. If other users were able to access these commands, inadvertent changes could potentially disable a virtual network. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-16027r1_chk ) |
|---|
| Logon to the ESX Server service console, and perform the following to review the permissions on the esx* utilities. # ls -lL /usr/sbin/esx* | less All permissions here should be 500 except for esxcfg-auth and esxupdate which should be 544. If they are not the correct permissions, this is a finding. |
| Fix Text (F-15748r1_fix) |
|---|
| Change the permissions to all esx* utilities to 500 except for esxcfg-auth and exsupdate which should be 544. |