Permissions on the virtual disk files are incorrect.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16881 | ESX0055 | SV-17881r1_rule | ECSC-1 | Medium |
| Description |
|---|
| Permissions for the virtual machine files will adhere to VMware’s best practices. The configuration file (.vmx), will be read, write, execute (rwx) for owner and read and execute (r-x) for group and read (r--) for others (754). The virtual machine’s virtual disk (.vmdk) will be read and write (rw-) for owner (600). |
| STIG | Date |
|---|---|
| VMware ESX 3 Server | 2016-05-13 |
Details
| Check Text ( C-17470r1_chk ) |
|---|
| On the ESX Server host, perform the following commands on the service console: # find /vmfs or nfs –type f –name ‘*.vmdk’ –exec ls –Al {} \; | grep –v -- “rw--------“ Any result from this command is a finding. If no result is returned, this is not a finding. Permissions for all .vmdk files should be 600 or rw-------. If they are not, this is a finding. |
| Fix Text (F-16730r1_fix) |
|---|
| Configure .vmdk files to 600. |