STIGQter STIGQter: STIG Summary: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The Photon operating system must initiate auditing as part of the boot process.

DISA Rule

SV-239119r675165_rule

Vulnerability Number

V-239119

Group Title

SRG-OS-000254-GPOS-00095

Rule Version

PHTN-67-000048

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Open /boot/grub2/grub.cfg with a text editor and locate the boot command line arguments. An example follows:

linux "/"$photon_linux root=$rootpartition net.ifnames=0 $photon_cmdline coredump_filter=0x37 consoleblank=0

Add "audit=1" to the end of the line so it reads as follows:

linux "/"$photon_linux root=$rootpartition net.ifnames=0 $photon_cmdline coredump_filter=0x37 consoleblank=0 audit=1

Note: Do not copy/paste in this example argument line. This may change in future releases. Find the similar line and append "audit=1" to it.

Reboot the system for the change to take effect.

Check Contents

At the command line, execute the following command:

# grep "audit=1" /proc/cmdline

If no results are returned, this is a finding.

Vulnerability Number

V-239119

Documentable

False

Rule Version

PHTN-67-000048

Severity Override Guidance

At the command line, execute the following command:

# grep "audit=1" /proc/cmdline

If no results are returned, this is a finding.

Check Content Reference

M

Target Key

5323

Comments