Check: VCENTER-000016
VMware vCenter Server Version 5 STIG:
VCENTER-000016
(in versions v2 r1 through v1 r7)
Title
Log files must be cleaned up after failed installations of the vCenter Server. (Cat II impact)
Discussion
If the vCenter installation fails, a log file (with a name of the form "hs_err_pidXXXX") is created that contains the database password in plain text. An attacker who breaks into the vCenter Server could potentially steal this password and access the vCenter Database.
Check Content
If at any time a vCenter Server installation fails, only the log files of format "hs_err_pid...." should be identified on the Windows host and deleted securely before putting the host into production. Determine if a site policy exists for handling failed installation cleanup of the Windows host prior to deployment. Using the Windows host search function, determine the existence of any log files of format "hs_err_pid". If a file name of the format "hs_err_pid" is found, this is a finding. If a site policy does not exist and/or is not followed, this is a finding.
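One way to run the search described in this check from an elevated PowerShell prompt rather than the Windows search UI. This is an added example, not part of the STIG text; the function name `Find-HsErrLog` and the exit-code convention are assumptions made for illustration.

```powershell
# Added example: report any hs_err_pid* files on the local fixed disks.
# Read-only. It lists name, size and timestamp but never opens the files,
# because their contents may include the database password in plain text.
# Removal is left to the site's failed-installation cleanup policy.
# Uses only cmdlets and parameters available in PowerShell 2.0.

function Find-HsErrLog {
    param(
        # Roots to search; defaults to every local fixed disk (DriveType 3).
        [string[]]$Root = @(Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' |
                            ForEach-Object { $_.DeviceID + '\' })
    )
    foreach ($r in $Root) {
        # -Force includes hidden and system files. Directories the account
        # cannot read are skipped silently, so run elevated for full coverage.
        Get-ChildItem -Path $r -Filter 'hs_err_pid*' -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Select-Object FullName, Length, LastWriteTime
    }
}

$hits = @(Find-HsErrLog)
if ($hits.Count -gt 0) {
    $hits | Format-Table -AutoSize
    Write-Output ("FINDING: {0} hs_err_pid file(s) present" -f $hits.Count)
    exit 1   # assumed convention: non-zero means the check failed
} else {
    Write-Output 'No hs_err_pid files found on local fixed disks.'
    exit 0
}
```

A clean result covers only the file-search half of the check; the site-policy requirement still has to be verified separately.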
Fix Text
Develop a site policy for handling failed installation cleanup of the Windows host prior to deployment. Using the Windows host search function, determine the existence of any log files of format "hs_err_pid" and remove them.
Additional Identifiers
Rule ID: SV-250735r799895_rule
Vulnerability ID: V-250735
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |