Check: ESXI-67-000009
VMware vSphere 6.7 ESXi STIG: ESXI-67-000009 (in versions v1 r3 through v1 r1)
Title
The ESXi host SSH daemon must be configured with the DoD logon banner. (Cat II impact)
Discussion
The warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers. Alternatively, systems whose ownership should not be obvious should ensure usage of a banner that does not provide easy attribution.
Check Content
From an SSH session connected to the ESXi host, or from the ESXi shell, run the following command:

# grep -i "^Banner" /etc/ssh/sshd_config

If there is no output or the output is not exactly "Banner /etc/issue", this is a finding.
Fix Text
From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in "/etc/ssh/sshd_config":

Banner /etc/issue
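The check above, wrapped as a POSIX shell function so it can be run against a copy of the configuration file as well as on the host. This is an added example, not part of the STIG; the function name check_banner and the sample files are constructed for illustration.

```shell
# Added example: check_banner is a hypothetical helper, not STIG or VMware tooling.
# Returns 0 when the file passes ESXI-67-000009, 1 when it is a finding.
check_banner() {
    cfg="${1:-/etc/ssh/sshd_config}"
    if [ ! -r "$cfg" ]; then
        echo "FINDING: cannot read $cfg"
        return 1
    fi
    # Same match the check content uses: case-insensitive, anchored at line start.
    # A commented-out "#Banner" line therefore produces no output.
    out=$(grep -i "^Banner" "$cfg" || true)
    # The whole output must be exactly this string, so a second Banner line,
    # a different path, different case or trailing spaces are all findings.
    if [ "$out" = "Banner /etc/issue" ]; then
        echo "OK: $cfg sets Banner /etc/issue"
        return 0
    fi
    if [ -z "$out" ]; then
        echo "FINDING: no Banner directive in $cfg"
    else
        echo "FINDING: unexpected Banner output in $cfg:"
        echo "$out"
    fi
    return 1
}

# Constructed sample configs (not from a real host) to exercise the check.
tmp=$(mktemp -d)
printf 'Port 22\nBanner /etc/issue\n' > "$tmp/compliant"
printf 'Port 22\n#Banner /etc/issue\n' > "$tmp/commented"
printf 'Banner /etc/issue\nBanner /etc/motd\n' > "$tmp/duplicate"
for f in compliant commented duplicate; do
    check_banner "$tmp/$f" || :
done
rm -rf "$tmp"
```

Called with no argument, check_banner reads /etc/ssh/sshd_config, matching the path in the check content.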
Additional Identifiers
Rule ID: SV-239266r674727_rule
Vulnerability ID: V-239266
Group Title: SRG-OS-000023-VMM-000060
CCIs
Number | Definition |
---|---|
CCI-000048 | The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. |
Controls
Number | Title |
---|---|
AC-8 | System Use Notification |