Check: PHTN-67-000081
VMware vSphere 6.7 Photon OS STIG: PHTN-67-000081 (in versions v1 r6 through v1 r1)
Title
The Photon operating system must disable the debug-shell service. (Cat II impact)
Discussion
The debug-shell service is intended to diagnose system-related boot issues with various systemctl commands. Once enabled and following a system reboot, the root shell will be available on tty9. This service must remain disabled until and unless otherwise directed by VMware support.
Check Content
At the command line, execute the following command:

# systemctl status debug-shell.service|grep -E --color=always disabled

If the debug-shell service is not disabled, this is a finding.
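The check above greps the whole `systemctl status` output. On systemd versions that print a vendor preset field, the word "disabled" can appear on the Loaded: line even when the unit itself is enabled. The following added example is not part of the STIG text, and its function names and sample lines are constructed for illustration. It reads the unit-file state field instead and shows the difference:

```shell
#!/bin/sh
# Added example: evaluate the debug-shell unit-file state precisely.
# Sample lines below are constructed, not captured from a real host.
SAMPLE_OK='   Loaded: loaded (/lib/systemd/system/debug-shell.service; disabled; vendor preset: disabled)'
SAMPLE_BAD='   Loaded: loaded (/lib/systemd/system/debug-shell.service; enabled; vendor preset: disabled)'

# Print the unit-file state: the field after the first ';' on the Loaded: line.
# Accepts a single line or the full multi-line status output.
unit_file_state() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Loaded:[^;]*;[[:space:]]*\([a-z-]*\).*/\1/p'
}

# The grep from the check text: passes if "disabled" occurs anywhere.
grep_check() {
    if printf '%s\n' "$1" | grep -Eq disabled; then
        echo pass
    else
        echo finding
    fi
}

# Strict check: pass only when the unit-file state itself is "disabled".
strict_check() {
    if [ "$(unit_file_state "$1")" = "disabled" ]; then
        echo pass
    else
        echo finding
    fi
}

# On a live host, `systemctl is-enabled` prints only the unit-file state,
# so no parsing of the status output is needed.
live_check() {
    state=$(systemctl is-enabled debug-shell.service 2>/dev/null || true)
    if [ "$state" = "disabled" ]; then
        echo pass
    else
        echo "finding (state: ${state:-unknown})"
    fi
}
```

For the constructed `SAMPLE_BAD` line, `grep_check` reports a pass while `strict_check` reports a finding, so a grep hit should be confirmed by reading the matched line or by running `live_check` on the host.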
Fix Text
At the command line, execute the following commands:

# systemctl stop debug-shell.service
# systemctl disable debug-shell.service

Reboot for changes to take effect.
Additional Identifiers
Rule ID: SV-239152r675264_rule
Vulnerability ID: V-239152
Group Title: SRG-OS-000480-GPOS-00227
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |