Check: PHTN-67-000043
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000043
(in versions v1 r6 through v1 r1)
Title
The Photon operating system messages file must have mode 0640 or less permissive. (Cat II impact)
Discussion
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state and can provide sensitive information to an unprivileged attacker.
Check Content
At the command line, execute the following command:

    # stat -c "%n permissions are %a" /var/log/vmware/messages

If the permissions on the file are more permissive than 0640, this is a finding.
Fix Text
At the command line, execute the following command:

    # chmod 0640 /var/log/vmware/messages
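"More permissive than 0640" has to be judged bit by bit, not by comparing numbers: 604 is numerically smaller than 640 but lets every user read the file. The script below is an added example, not part of the STIG text. It automates the check that way, assuming GNU `stat`; the function names `excess_bits` and `check_mode` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the STIG): bitwise evaluation of the
# "more permissive than 0640" test in PHTN-67-000043.

# excess_bits MODE
# Prints, in octal, the permission bits of MODE that 0640 does not allow.
# Prints 0 when MODE is compliant. Returns 2 if MODE is not an octal string.
excess_bits() {
    case "$1" in
        ''|*[!0-7]*) return 2 ;;
    esac
    # The leading 0 forces octal parsing; the 07777 mask also catches
    # setuid, setgid and sticky bits reported by stat as a fourth digit.
    printf '%o\n' $(( 0$1 & ~0640 & 07777 ))
}

# check_mode FILE
# Returns 0 if compliant, 1 if a finding, 2 if the mode cannot be read.
check_mode() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    extra=$(excess_bits "$mode") || return 2
    if [ "$extra" = 0 ]; then
        echo "$1 permissions are $mode: not a finding"
        return 0
    fi
    echo "$1 permissions are $mode: finding (extra bits $extra)"
    return 1
}

# Check the file named on the command line, if one was given, e.g.
#   sh check_mode.sh /var/log/vmware/messages
if [ "$#" -gt 0 ]; then
    check_mode "$1"
fi
```

Modes such as 600 or 440 pass because they grant a subset of the bits in 0640.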
Additional Identifiers
Rule ID: SV-239115r675153_rule
Vulnerability ID: V-239115
Group Title: SRG-OS-000206-GPOS-00084
CCIs
Number | Definition |
---|---|
CCI-001314 | The information system reveals error messages only to organization-defined personnel or roles. |
Controls
Number | Title |
---|---|
SI-11 | Error Handling |