Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39391 | SRG-OS-000109-ESXI5 | SV-51249r1_rule | Medium |
Description |
---|
Even though communications are encrypted, an additional layer of security may be gained by extending the policy of not logging directly on as root. In addition, logging in with a user-specific account preserves the audit trail. |
STIG | Date |
---|---|
VMware ESXi Server 5.0 Security Technical Implementation Guide | 2013-09-12 |
Check Text ( C-46665r3_chk ) |
---|
Disable lock down mode. Enable the ESXi Shell. Execute the following command(s): # grep PermitRootLogin /etc/ssh/sshd_config If "PermitRootLogin" is set to "yes", this is a finding. Re-enable lock down mode. |
Fix Text (F-44404r2_fix) |
---|
Disable lock down mode. Enable the ESXi Shell. Execute the following command(s): # vi /etc/ssh/sshd_config Set "PermitRootLogin" to "no". Re-enable lock down mode. |