Detections
Analytics

DISA STIG VMware vSphere 6.7 ESXi OS v1r2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: DISA STIG VMware vSphere 6.7 ESXi OS v1r2

Updated: 10/31/2023

Authority: DISA STIG

Plugin: Unix

Revision: 1.4

Estimated Item Count: 27

File Details

Filename: DISA_STIG_VMware_vSphere_6.7_ESXi_Bare_Metal_Host_v1r2.audit

Size: 39.3 kB

MD5: c4b0305652475e088c43080459d0d997
SHA256: de57b3d97723090f23bf26db198e7c66ef3bec3ba760d5819b397a9f35ef42a5

Audit Items

DescriptionCategories
DISA_STIG_VMware_vSphere_6.7_ESXi_Bare_Metal_Host_v1r2.audit from DISA VMware vSphere 6.7 ESXi v1r2 STIG
ESXI-67-000009 - The ESXi host SSH daemon must be configured with the DoD logon banner - DoD login banner.
ESXI-67-000010 - The ESXi host SSH daemon must use DoD-approved encryption to protect the confidentiality of remote access sessions.
ESXI-67-000012 - The ESXi host SSH daemon must ignore .rhosts files.
ESXI-67-000013 - The ESXi host SSH daemon must not allow host-based authentication.
ESXI-67-000014 - The ESXi host SSH daemon must not permit root logins.
ESXI-67-000015 - The ESXi host SSH daemon must not allow authentication using an empty password.
ESXI-67-000016 - The ESXi host SSH daemon must not permit user environment settings.
ESXI-67-000018 - The ESXi host SSH daemon must not permit GSSAPI authentication.
ESXI-67-000019 - The ESXi host SSH daemon must not permit Kerberos authentication.
ESXI-67-000020 - The ESXi host SSH daemon must perform strict mode checking of home directory configuration files.
ESXI-67-000021 - The ESXi host SSH daemon must not allow compression or must only allow compression after successful authentication.
ESXI-67-000022 - The ESXi host SSH daemon must be configured to not allow gateway ports.
ESXI-67-000023 - The ESXi host SSH daemon must be configured to not allow X11 forwarding.
ESXI-67-000024 - The ESXi host SSH daemon must not accept environment variables from the client.
ESXI-67-000025 - The ESXi host SSH daemon must not permit tunnels.
ESXI-67-000026 - The ESXi host SSH daemon must set a timeout count on idle sessions.
ESXI-67-000027 - The ESXi host SSH daemon must set a timeout interval on idle sessions.
ESXI-67-000028 - The ESXi host SSH daemon must limit connections to a single session.
ESXI-67-000029 - The ESXi host must remove keys from the SSH authorized_keys file.
ESXI-67-000033 - The password hashes stored on the ESXi host must have been generated using a FIPS 140-2 approved cryptographic hashing algorithm.
ESXI-67-000044 - The ESXi host must enable kernel core dumps.
ESXI-67-000047 - The ESXi Image Profile and vSphere Installation Bundle (VIB) Acceptance Levels must be verified.
ESXI-67-000056 - The ESXi host must configure the firewall to restrict access to services running on the host.
ESXI-67-000076 - The ESXi host must enable Secure Boot.
ESXI-67-000078 - The ESXi host must use DoD-approved certificates.
ESXI-67-100010 - The ESXi host SSH daemon must be configured to only use FIPS 140-2 approved ciphers.