Master templates are not restricted to authorized users only.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15888 | ESX0920 | SV-16829r1_rule | ECAN-1 ECCD-1 ECCD-2 | Medium |
| Description |
|---|
| Restricting access to master templates to authorized users helps ensure they are not compromised or modified. If these master templates were compromised, all future guest installations could be corrupt or contain malicious code. Master templates will be restricted to only users that are administering and/or creating guest virtual machines. |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-16247r1_chk ) |
|---|
| On the ESX Server service console perform the following command to determine if the /Master, /Utilities, or /vmimages file partitions are accessible to unauthorized users. # ls -la /vmimages (Or name of master template directory) Permissions for .vmdk files should be 600 or rw-------. If they are not 600 or more restrictive, this is a finding. |
| Fix Text (F-15848r1_fix) |
|---|
| Restrict master templates to authorized users only. |