Check: PHTN-67-000053
VMware vSphere 6.7 Photon OS STIG:
PHTN-67-000053
(in versions v1 r6 through v1 r1)
Title
The Photon operating system package files must not be modified. (Cat II impact)
Discussion
Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. Without confidence in the integrity of the auditing system and tools, the information it provides cannot be trusted.
Check Content
Use the verification capability of rpm to check the MD5 hashes of the audit files on disk versus the expected ones from the installation package. At the command line, execute the following command: # rpm -V audit | grep "^..5" | grep -v "^...........c" If there is output, this is a finding.
Fix Text
If the audit system binaries have been altered, the system must be taken offline and the ISSM must be notified immediately. Reinstalling the audit tools is not supported. The appliance should be restored from a backup or a snapshot or redeployed once the root cause is remediated.
Additional Identifiers
Rule ID: SV-239124r877393_rule
Vulnerability ID: V-239124
Group Title: SRG-OS-000278-GPOS-00108
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001496 |
The information system implements cryptographic mechanisms to protect the integrity of audit tools. |
Controls
Number | Title |
---|---|
AU-9 (3) |
Cryptographic Protection |