Title

Master templates are not stored on a separate partition. (Cat III impact)

Discussion

The master templates will be stored in a separate partition (NTFS, VMFS, etc) from the production virtual machines. Partitioning the master templates isolates them from system, application, and user files. This isolation helps protect the disk space used by the operating system and various applications. Files cannot grow across partitions. Another advantage is that if a bad spot develops on the hard drive, the risk to the data is reduced as is recovery time. Furthermore, separate master template partitions provide the ability to set up certain directories as read-only file systems.

Check Content

Perform the following on the ESX Server service console to determine if the /Master, /Utilities, /vmimages, or /(the name of the partition) are on separate disk partitions: # vdf -h Examine the Mounted on column for the disk device and ensure the device label for /Master, /Utilities, or /vmimages is not the same as the root filesystem. If they are the same, this is a finding.

Fix Text

Store all master templates on a separate partition.

Additional Identifiers

Rule ID: SV-16828r1_rule

Vulnerability ID: V-15887

Group Title: Master templates are not stored correctly

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.