UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The Photon operating system package files must not be modified.


Overview

Finding ID Version Rule ID IA Controls Severity
V-256525 PHTN-30-000051 SV-256525r887249_rule Medium
Description
Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. Without confidence in the integrity of the auditing system and tools, the information it provides cannot be trusted.
STIG Date
VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide 2023-12-01

Details

Check Text ( C-60200r887247_chk )
Use the verification capability of rpm to check the MD5 hashes of the audit files on disk versus the expected ones from the installation package.

At the command line, run the following command:

# rpm -V audit | grep "^..5" | grep -v "^...........c"

If there is any output, this is a finding.
Fix Text (F-60143r887248_fix)
If the audit system binaries have been altered, the system must be taken offline and the information system security manager (ISSM) notified immediately.

Reinstalling the audit tools is not supported. The appliance should be restored from a backup or redeployed once the root cause is remediated.