
A file integrity baseline must be created and maintained.


Overview

Finding ID: GEN000140-ESXI5-000063
Version: GEN000140-ESXI5-000063
Rule ID: GEN000140-ESXI5-000063_rule
IA Controls:
Severity: Medium
Description
A file integrity baseline is a collection of file metadata which is used to evaluate the integrity of the system. A minimal baseline must contain metadata for all device files, setuid files, setgid files, system libraries, system binaries, and system configuration files. The minimal metadata must consist of the mode, owner, group owner, and modification times. For regular files, metadata must also include file size and a cryptographic hash of the file's contents.
STIG: VMware ESXi v5 Security Technical Implementation Guide
Date: 2013-01-15

Details

Check Text (C-GEN000140-ESXI5-000063_chk)
Ask the SA if a cryptographically hashed file integrity baseline has been created and maintained for the system. If no file integrity baseline exists for the system, this is a finding.
Fix Text (F-GEN000140-ESXI5-000063_fix)
From the Power/v CLI, run the command:

# vicfg-cfgbackup

Use this file (hash) as a basis for system integrity checking.
Generate a new file (hash) as required due to system updates. Re-enable Lockdown Mode on the host.
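
The minimal baseline that the Description calls for (mode, owner, group owner and modification time for every entry, plus size and a cryptographic hash for regular files) can be collected and compared as shown in this added example, which is not part of the STIG or of VMware's tooling. The function names and the choice of SHA-256 are assumptions; the STIG only requires "a cryptographic hash".

```python
# Added example: names and the SHA-256 choice are assumptions, not STIG text.
import hashlib
import os
import stat

def file_record(path):
    """Collect the minimal baseline metadata for one path (symlinks not followed)."""
    st = os.lstat(path)
    rec = {
        "mode": stat.filemode(st.st_mode),  # file type + permissions, incl. setuid/setgid
        "uid": st.st_uid,
        "gid": st.st_gid,
        "mtime": int(st.st_mtime),
    }
    if stat.S_ISREG(st.st_mode):
        # Regular files additionally get size and a hash of their contents.
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["size"] = st.st_size
        rec["sha256"] = h.hexdigest()
    return rec

def build_baseline(root):
    """Walk root and return {relative_path: record} for every entry below it."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_record(full)
    return baseline

def diff_baselines(old, new):
    """Return sorted (path, change) pairs: 'added', 'removed' or the changed fields."""
    changes = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            changes.append((path, "added"))
        elif path not in new:
            changes.append((path, "removed"))
        elif old[path] != new[path]:
            fields = sorted(k for k in set(old[path]) | set(new[path])
                            if old[path].get(k) != new[path].get(k))
            changes.append((path, ",".join(fields)))
    return changes
```

Store the serialized baseline off the host and regenerate it after each system update, so that the next comparison reports only unexpected changes.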