STIGQter: STIG Summary: VMware ESXi Server 5.0 Security Technical Implementation Guide Version: 1 Release: 10 Benchmark Date: 27 Jan 2017

The operating system must use cryptography to protect the confidentiality of remote access sessions.

DISA Rule

SV-51269r1_rule

Vulnerability Number

V-39411

Group Title

SRG-OS-000033

Rule Version

SRG-OS-000033-ESXI5

Severity

CAT I

CCI(s)

Weight

10

Fix Recommendation

Disable lock down mode.
Enable the ESXi Shell.

Edit the SSH daemon configuration and add/modify the "Protocol" configuration for Protocol 2 only.
# vi /etc/ssh/sshd_config

Re-enable lock down mode.

Check Contents

Disable lock down mode.
Enable the ESXi Shell.

Check the SSH daemon configuration for required protocol.
# grep -i "Protocol 2" /etc/ssh/sshd_config | grep -v '^#'

Re-enable lock down mode.

If no lines are returned, or the returned protocol list contains anything except 2, this is a finding.
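
The finding rule above, written as a script (an added example, not part of the STIG): the grep for "Protocol 2" also matches a line such as "Protocol 2,1", so this version reads the effective Protocol value and accepts only an exact "2". The function names and the sample configuration are constructed for illustration; POSIX sh and awk are assumed.

```shell
#!/bin/sh
# Added example (not part of the STIG): evaluate the sshd "Protocol" directive
# against the finding rule in the check text.

# ssh_protocol_value FILE
#   Prints the value of the first uncommented Protocol keyword with blanks and
#   quotes removed (sshd_config keywords are case-insensitive and the first
#   value obtained for a keyword is the one used). Prints nothing if absent.
ssh_protocol_value() {
    awk '
        { sub(/^[ \t]+/, "") }                 # drop leading blanks
        /^#/ || $0 == "" { next }              # skip comments and empty lines
        {
            key = $0; sub(/[ \t=].*$/, "", key)
            if (tolower(key) != "protocol") next
            val = $0
            if (!sub(/^[^ \t=]+[ \t=]+/, "", val)) val = ""   # keyword with no value
            gsub(/[ \t"]/, "", val)
            print val
            exit
        }
    ' "$1"
}

# check_ssh_protocol FILE
#   0 = not a finding (list is exactly "2"), 1 = finding, 2 = file unreadable
check_ssh_protocol() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1" >&2; return 2; }
    value=$(ssh_protocol_value "$1")
    case $value in
        2)  echo "OK: Protocol 2 only"; return 0 ;;
        "") echo "FINDING: no uncommented Protocol value in $1"; return 1 ;;
        *)  echo "FINDING: Protocol list is '$value' in $1"; return 1 ;;
    esac
}

# Constructed sample: a list that the substring grep for "Protocol 2" matches
# even though protocol 1 is still enabled.
sample=$(mktemp)
printf '%s\n' '# Protocol 2' 'Port 22' 'Protocol 2,1' > "$sample"
check_ssh_protocol "$sample" || true
rm -f "$sample"
```

On the host, the call would be check_ssh_protocol /etc/ssh/sshd_config, run from the ESXi Shell between the disable and re-enable steps of the check.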

Documentable

False

Severity Override Guidance

Disable lock down mode.
Enable the ESXi Shell.

Check the SSH daemon configuration for required protocol.
# grep -i "Protocol 2" /etc/ssh/sshd_config | grep -v '^#'

Re-enable lock down mode.

If no lines are returned, or the returned protocol list contains anything except 2, this is a finding.

Check Content Reference

M

Target Key

2370

Comments