Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39353 | SRG-OS-99999-ESXI5-000161 | SV-51211r2_rule | Medium |
Description |
---|
The virtual disk must be zeroed out prior to deletion in order to prevent sensitive data in VMDK files from being recovered. |
STIG | Date |
---|---|
VMware ESXi Server 5.0 Security Technical Implementation Guide | 2017-01-06 |
Check Text ( C-46627r6_chk ) |
---|
Ask the SA if a documented procedure is used to overwrite sensitive data in VMDK flat files prior to deletion. The procedure must include a command to zero out data and the file must then be deleted. See some examples directly below. vmkfstools --writezeroes or dd if=/dev/zero of= If a documented procedure to overwrite sensitive data in VMDK flat files prior to deletion does not exist, this is a finding. |
Fix Text (F-44367r6_fix) |
---|
Create and document a procedure to zero out sensitive data prior to removal of the VMDK file. Command line interface commands such as vmkfstools, dd, and rm must be used, per the examples below. vmkfstools --writezeroes or dd if=/dev/zero of= Note: The vSphere Client does not automatically zero out a VMDK file when it is destroyed. |