UCF STIG Viewer Logo

vSphere UI application files must be verified for their integrity.


Finding ID Version Rule ID IA Controls Severity
V-256785 VCUI-70-000008 SV-256785r918981_rule Medium
Verifying the vSphere UI application code is unchanged from its shipping state is essential for file validation and nonrepudiation of the vSphere UI. There is no reason the MD5 hash of the RPM original files should be changed after installation, excluding configuration files.
VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide 2023-06-15


Check Text ( C-60460r918980_chk )
At the command prompt, run the following command:

# rpm -V vsphere-ui|grep "^..5......"|grep -v -E "\.prop|\.pass|\.xml|\.json"

If there is any output, this is a finding.
Fix Text (F-60403r889353_fix)
Reinstall the vCenter Server Appliance (VCSA) or roll back to a snapshot.

VMware does not support modifying the vSphere UI installation files manually.