Check: PHTN-67-000032
VMware vSphere 6.7 Photon OS STIG: PHTN-67-000032 (in versions v1 r6 through v1 r1)
Title
The Photon operating system must only allow installation of packages signed by VMware. (Cat II impact)
Discussion
Installation of any non-trusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This requirement ensures the software has not been tampered with and has been provided by VMware.
Check Content
At the command line, execute the following command:

# rpm -qa gpg-pubkey --qf "%{version}-%{release} %{summary}\n"|grep -v "66fd4949-4803fe57"

If there is any output, an unsupported package has been installed and this is a finding.
Fix Text
Confirm with VMware support that this package is not supported (for potential package additions after STIG publication).

At the command line, execute the following command:

# rpm -e <package-name-from-check>
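An added example, not part of the STIG text: a stricter form of the check that compares only the key's version-release field (so text in the summary cannot satisfy the match) and prints each other key as the `gpg-pubkey-<version>-<release>` package name that `rpm -e` expects. The function names and the sample input, including its summaries, are constructed for illustration.

```shell
#!/bin/sh
# Added example: stricter form of the PHTN-67-000032 check.
# TRUSTED_KEY is the version-release value taken from the check text.
TRUSTED_KEY="66fd4949-4803fe57"

# Read lines in the check's "%{version}-%{release} %{summary}" format on
# stdin and print the rpm package name of every imported key other than
# TRUSTED_KEY. Only the first field is compared, never the summary.
list_untrusted_keys() {
    awk -v trusted="$TRUSTED_KEY" '
        NF == 0 { next }                          # skip blank lines
        $1 != trusted { print "gpg-pubkey-" $1 }  # name usable with rpm -e
    '
}

# Return 0 when only the trusted key is imported, 1 when there is a finding.
check_keys() {
    findings=$(list_untrusted_keys)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sed 's/^/FINDING: /'
        return 1
    fi
    return 0
}

# Constructed sample input (hypothetical key id and summaries). The second
# line carries the trusted id inside its summary; a substring match over
# the whole line would drop it, a first-field comparison does not.
sample_keys() {
    cat <<'EOF'
66fd4949-4803fe57 gpg(constructed summary for the trusted key)
0a1b2c3d-5e6f7a8b gpg(Example Repo 66fd4949-4803fe57 <repo@example.invalid>)
EOF
}

# Offline demonstration on the constructed sample.
sample_keys | list_untrusted_keys

# On a live system, feed the real query into the same function:
#   rpm -qa gpg-pubkey --qf '%{version}-%{release} %{summary}\n' | check_keys
```

Each name printed still needs the confirmation with VMware support described in the Fix Text before it is passed to `rpm -e`.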
Additional Identifiers
Rule ID: SV-239104r675120_rule
Vulnerability ID: V-239104
Group Title: SRG-OS-000095-GPOS-00049
CCIs
Number | Definition |
---|---|
CCI-000381 | The organization configures the information system to provide only essential capabilities. |
Controls
Number | Title |
---|---|
CM-7 | Least Functionality |