UCF STIG Viewer Logo

ISO images do not have hash checksums.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15885 ESX0890 SV-16826r1_rule DCNR-1 ECTM-1 ECTM-2 Medium
Description
Since ISO operating system images are typically large files, transferring these ISO operating system images over the network may cause corruption to the files. There are simple ways to check the integrity of the file on both the source and destination system using hashing algorithms. Users should create hash checksums on all ISO operating system images on the ESX Server before utilizing the ISO operating system image for virtual machines.
STIG Date
VMware ESX 3 Server 2016-05-13

Details

Check Text ( C-16244r1_chk )
On the ESX Server service console go to the partition that stores the ISO images and verify hash checksums are present for any ISO files. Perform the following to determine if ISO images are verified for integrity:

# ls -al /vmimages (Or the name of the ISO partition)

If no sha1sums are returned or the number of ISO images is different from the number of sha1sums, this is a finding.
Fix Text (F-15845r1_fix)
Create SHA1 checksums for all ISO images.