Check: ESXI-67-000071
VMware vSphere 6.7 ESXi STIG: ESXI-67-000071
(in versions v1 r3 through v1 r1)
Title
The SA must verify the integrity of the installation media before installing ESXi. (Cat I impact)
Discussion
Always check the SHA1 or MD5 hash after downloading an ISO, offline bundle, or patch to ensure integrity and authenticity of the downloaded files.
Check Content
The downloaded ISO, offline bundle, or patch hash must be verified against the vendor's checksum to ensure the integrity and authenticity of the files. See some typical command line example(s) for both the md5 and sha1 hash check(s) below:

# md5sum <filename>.iso
# sha1sum <filename>.iso

If any of the system's downloaded ISO, offline bundle, or system patch hashes cannot be verified against the vendor's checksum, this is a finding.
Fix Text
If the hash returned from the "md5sum" or "sha1sum" command does not match the vendor's hash, the downloaded software must be discarded. If the physical media is obtained from VMware and the security seal is broken, the software must be returned to VMware for replacement.
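The check and fix above can be scripted so that a mismatch fails loudly instead of relying on comparing two hex strings by eye. This is an added example, not part of the STIG text; the function name verify_media and its exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# verify_media ALGO FILE EXPECTED_HASH   (hypothetical helper, not from the STIG)
# ALGO is "md5" or "sha1"; EXPECTED_HASH is the value published by the vendor.
# Returns 0 on match, 1 on mismatch (a finding: discard the file),
# and 2 when the inputs are unusable, so a bad input never passes as a match.
# Usage: verify_media sha1 <filename>.iso <vendor-hash>
verify_media() {
    algo=$1
    file=$2
    expected=$3

    case $algo in
        md5)  tool=md5sum;  len=32 ;;
        sha1) tool=sha1sum; len=40 ;;
        *)    echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Normalise the vendor value: drop stray whitespace from copy/paste
    # and lower-case the hex digits (md5sum/sha1sum print lower case).
    expected=$(printf '%s' "$expected" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # Reject empty, non-hex, or truncated values before comparing.
    case $expected in
        ''|*[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq "$len" ] || {
        echo "expected hash has ${#expected} digits, $algo needs $len" >&2
        return 2
    }

    # Read the file on stdin so the output is always "<hash>  -",
    # regardless of special characters in the file name.
    actual=$("$tool" < "$file" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches vendor $algo"
        return 0
    fi
    echo "FINDING: $file $algo is $actual, vendor lists $expected" >&2
    return 1
}
```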
Additional Identifiers
Rule ID: SV-239324r674901_rule
Vulnerability ID: V-239324
Group Title: SRG-OS-000480-VMM-002000
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |