Title

Permissions have been changed on the /usr/sbin/esx* utilities (Cat II impact)

Discussion

Configuring virtual switches may be performed by using predefined ESX Server commands. These commands are located in the /usr/bin of the file system hierarchy. Since these commands can create, disable, and modify existing configurations, they will be restricted to the root user only. If other users were able to access these commands, inadvertent changes could potentially disable a virtual network.

Check Content

Logon to the ESX Server service console, and perform the following to review the permissions on the esx* utilities. # ls -lL /usr/sbin/esx* | less All permissions here should be 500 except for esxcfg-auth and esxupdate which should be 544. If they are not the correct permissions, this is a finding.

Fix Text

Change the permissions to all esx* utilities to 500 except for esxcfg-auth and exsupdate which should be 544.

Additional Identifiers

Rule ID: SV-16744r1_rule

Vulnerability ID: V-15805

Group Title: Permissions have been changed on esx* utilities.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.