Hash signatures for the /etc files are not stored offline.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15829	ESX0370	SV-16768r1_rule	ECCT-1 ECCT-2	Medium

Description
Several files within ESX Server should be checked for file system integrity periodically. These files have been deemed critical by VMware in maintaining file system integrity. System administrators must ensure these files have the correct permissions and have not been modified. To ensure integrity, system administrators will use a FIPS 140-2 hash algorithm to create signatures of these files and store them offline. Comparing these hash values periodically will verify the integrity of the files.

Description

Several files within ESX Server should be checked for file system integrity periodically. These files have been deemed critical by VMware in maintaining file system integrity. System administrators must ensure these files have the correct permissions and have not been modified. To ensure integrity, system administrators will use a FIPS 140-2 hash algorithm to create signatures of these files and store them offline. Comparing these hash values periodically will verify the integrity of the files.

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-16180r1_chk )
The following /etc files in the table below need to have hash signatures that are stored offline. Ask the IAO/SA the location of the hash signatures and verify that it is not on the ESX Server host. If it is, this is a finding. If the hash signatures are incomplete, this is a finding. File Location Permission /etc/fstab 640 /etc/group 644 /etc/host.conf 640 /etc/hosts 640 /etc/hosts.allow 640 /etc/hosts.deny 640 /etc/logrotate.conf 640 /etc/logrotate.d/ 700 /etc/modules.conf 640 /etc/motd 640 /etc/ntp 755 /etc/ntp.conf 644 /etc/pam.d/system-auth 644 /etc/profile 644 /etc/shadow 400 /etc/securetty 600 /etc/ssh/sshd_config 600 /etc/snmp 755 /etc/sudoers 440 /etc/vmware 755

Check Text ( C-16180r1_chk )

The following /etc files in the table below need to have hash signatures that are stored offline. Ask the IAO/SA the location of the hash signatures and verify that it is not on the ESX Server host. If it is, this is a finding. If the hash signatures are incomplete, this is a finding.

File Location Permission
/etc/fstab 640
/etc/group 644
/etc/host.conf 640
/etc/hosts 640
/etc/hosts.allow 640
/etc/hosts.deny 640
/etc/logrotate.conf 640
/etc/logrotate.d/ 700
/etc/modules.conf 640
/etc/motd 640
/etc/ntp 755
/etc/ntp.conf 644
/etc/pam.d/system-auth 644
/etc/profile 644
/etc/shadow 400
/etc/securetty 600
/etc/ssh/sshd_config 600
/etc/snmp 755
/etc/sudoers 440
/etc/vmware 755

Fix Text (F-15781r1_fix)
Store the hash signatures for the /etc files in an offline location.