Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
ESX Server service console administrators are not documented
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15828 | ESX0360 | SV-16767r1_rule | Medium |
| Description |
|---|
| User access to the service console should be restricted. The service console has privileged access to the ESX Server and only authorized users should be provided logon access. Personnel that manage the ESX Server will have individual usernames for accessing the ESX Server, creating an audit trail of activities. Virtual machine users will not have ESX Server logins, since there is no inherent need. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-16179r1_chk ) |
|---|
| Request the ESX Server service console user documentation from the IAO/SA. Compare this documentation to the users on the ESX Server by performing the following at the service console: # less /etc/passwd If a discrepancy exists between the ESX Server and the documentation, this is a finding. |
| Fix Text (F-15780r1_fix) |
|---|
| Document all ESX Server service console users for the ESX Server. |