VMware tools are not used to update the ESX Server.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15848	ESX0490	SV-16789r1_rule		Medium

Description
VMware uses three categories for patches: Security, Critical, and General. VMware will usually issue a KB article when they become aware of security vulnerabilities and other serious functionality issues before they issue a patch. Only VMware released patches and tools (such as esxupdate) should be implemented. Do not use RedHat or third party patches or tools such as yum or rpm to update the system because VMware has made modifications to the system and kernel.

Description

VMware uses three categories for patches: Security, Critical, and General. VMware will usually issue a KB article when they become aware of security vulnerabilities and other serious functionality issues before they issue a patch. Only VMware released patches and tools (such as esxupdate) should be implemented. Do not use RedHat or third party patches or tools such as yum or rpm to update the system because VMware has made modifications to the system and kernel.

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-16197r1_chk )
On the ESX Server service console perform the following commands: # grep esxupdate /var/log/vmware/esxupdate.log If no entries are returned, this is a finding.

Fix Text (F-15802r1_fix)
Utilize VMware tools for all ESX Server updates.