ISO images are not restricted to authorized users.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-15884	ESX0880	SV-16825r1_rule	ECAN-1 ECCD-1 ECCD-2	Medium

Description
Virtual machines are created from using operating system CD-ROMs or ISO images of the operating system. ISO operating system images reduce the time in deploying virtual machine servers since the media is readily available as a file on the hard drive. Also, ISO operating system images map easily to the virtual machine CD-ROM drive of the guest machine once the guest machine is running. Unauthorized access to the ISO operating system images could potentially allow these images to be corrupted or altered in some way.

Description

Virtual machines are created from using operating system CD-ROMs or ISO images of the operating system. ISO operating system images reduce the time in deploying virtual machine servers since the media is readily available as a file on the hard drive. Also, ISO operating system images map easily to the virtual machine CD-ROM drive of the guest machine once the guest machine is running. Unauthorized access to the ISO operating system images could potentially allow these images to be corrupted or altered in some way.

STIG	Date
VMware ESX 3 Server	2016-05-13

Details

Check Text ( C-16243r1_chk )
On the ESX Server service console perform the following command to determine if the /ISO, /Utilities, or /vmimages file partitions are accessible to unauthorized users. # ls -la /vmimages (Or the name of the partition) Permissions for .iso files should be 440 (r--r-----). If they are not 440 or more restrictive, this is a finding.

Fix Text (F-15844r1_fix)
Restrict iso images to only authorized users.