Title

VirtualCenter vpxuser has been modified. (Cat I impact)

Discussion

The vpxuser is created when the ESX Server host is attached to VirtualCenter. It is not present on the ESX Server host unless the host is being managed through VirtualCenter. SAs will not change vpxuser and its default permissions. Modifying these permissions may create problems working with the ESX Server host through VirtualCenter.

Check Content

On the ESX Server service console perform the following: # grep vpx /etc/passwd Output should appear as follows: vpxuser:x:500:100:Vmware VirtualCenter administration account: /home/vpxuser:/bin/false #grep vpx /etc/shadow Output should appear as follows: vpxuser:(hash value)/:13995:1:360:14::: (These numbers may be different based on the site) If any of these files have been changed from the above values for the vpxuser, this is a finding.

Fix Text

Do not modify the vpxuser account.

Additional Identifiers

Rule ID: SV-16815r1_rule

Vulnerability ID: V-15874

Group Title: VirtualCenter vpxuser has been modified.

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.