Title

ISO images do not have hash checksums. (Cat II impact)

Discussion

Since ISO operating system images are typically large files, transferring these ISO operating system images over the network may cause corruption to the files. There are simple ways to check the integrity of the file on both the source and destination system using hashing algorithms. Users should create hash checksums on all ISO operating system images on the ESX Server before utilizing the ISO operating system image for virtual machines.

Check Content

On the ESX Server service console go to the partition that stores the ISO images and verify hash checksums are present for any ISO files. Perform the following to determine if ISO images are verified for integrity: # ls -al /vmimages (Or the name of the ISO partition) If no sha1sums are returned or the number of ISO images is different from the number of sha1sums, this is a finding.

Fix Text

Create SHA1 checksums for all ISO images.

Additional Identifiers

Rule ID: SV-16826r1_rule

Vulnerability ID: V-15885

Group Title: ISO images do not have hash checksums

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.