ESXI-67-000009 - The ESXi host SSH daemon must be configured with the DoD logon banner - DoD login banner.

Information

The warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers. Alternatively, systems whose ownership should not be obvious should ensure usage of a banner that does not provide easy attribution.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in '/etc/ssh/sshd_config':

Banner /etc/issue

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y22M04_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-8a., CAT|II, CCI|CCI-000048, Rule-ID|SV-239266r674727_rule, STIG-ID|ESXI-67-000009, Vuln-ID|V-239266

Plugin: Unix

Control ID: 5e6b6ae910396ac0fab5175b964d25e63299119f597159fcefc34a6cf6f50b08