A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| GEN000220-ESXI5-000064 | GEN000220-ESXI5-000064 | GEN000220-ESXI5-000064_rule | Medium |
| Description |
|---|
| Changes in system libraries and binaries can indicate compromise or significant system events, such as patching needing to be checked by automated processes and the results reviewed by the SA. |
| STIG | Date |
|---|---|
| VMware ESXi v5 Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-GEN000220-ESXI5-000064_chk ) |
|---|
| Ask the SA if a weekly, cryptographically hashed file integrity baseline is created and maintained via cron. If no file integrity baseline is created on a weekly basis for the system, this is a finding. |
| Fix Text (F-GEN000220-ESXI5-000064_fix) |
|---|
| From the Power/v CLI, run the command: # vicfg-cfgbackup Use this file (hash) as a basis for system integrity checking. Generate a new |