Note: This article covers material present in Version 1 Revision 3 and below.  Topics found below may be mitigated in the most current version of the ESXi 5 STIG.  Ensure you are using the most current version of the DISA STIG documents.

In this article I’m going to cover how you can set up the cron jobs necessary in ESXi 5.x to monitor for setUID, setGID, and device file changes per the ESXi 5 STIG.  I will walk you through adding a few scripts to your system that produce date/time-stamped log files.

Note: The following is unsupported by VMware.

The scripts outlined below are for educational purposes only to assist in your compliance efforts.  They are in no way meant to be a singular solution nor a replacement for a commercial OS baseline monitoring tool.

GEN002400-ESXI5-10047, GEN002460-ESXI5-20047, GEN002260-ESXI5-000047 – setUID, setGID, and Extraneous Device File Monitoring

First off, as before, the changes we are about to make will not persist across reboots without our help so please reference Blog Series: ESXi 5 STIG – File and Setting Persistence.  Keep that handy in the next tab over for reference.

So, we need to add some automated scripts to your ESXi host to parse the file system for setUID, setGID, and device files.  How you review the output and determine whether changes have been made is up to you; ESXi provides no mechanism to accomplish this.  All we are doing here is setting up the automated process of dumping the data required per the STIG.
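One way to produce the date/time-stamped dumps described above, as an added example rather than the scripts from the original article. The log directory, the function names and the `run` argument are assumptions, as is the host's `find` supporting `-perm`, `-type` and `-xdev`; the `changes` helper goes one step beyond dumping and compares two dumps.

```shell
#!/bin/sh
# Added example: dump setUID, setGID and device files to date/time-stamped logs.
# Hypothetical names: SCAN_ROOT, LOG_DIR, list_files, snapshot, changes.

SCAN_ROOT="${SCAN_ROOT:-/}"
LOG_DIR="${LOG_DIR:-/tmp/stig-monitor}"   # assumed location; persist it yourself

# list_files KIND ROOT: print matching paths, sorted, one per line.
# -xdev keeps the walk on ROOT's file system (assumes find supports it).
list_files() {
    case "$1" in
        suid) find "$2" -xdev -type f -perm -4000 2>/dev/null | sort ;;
        sgid) find "$2" -xdev -type f -perm -2000 2>/dev/null | sort ;;
        dev)  find "$2" -xdev \( -type b -o -type c \) 2>/dev/null | sort ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac
}

# snapshot KIND: write KIND-YYYYMMDD-HHMMSS.log under LOG_DIR, print its path.
snapshot() {
    mkdir -p "$LOG_DIR" || return 1
    out="$LOG_DIR/$1-$(date +%Y%m%d-%H%M%S).log"
    list_files "$1" "$SCAN_ROOT" > "$out" || return 1
    echo "$out"
}

# changes OLD NEW: "+ path" for entries only in NEW, "- path" for entries
# only in OLD. Whole-line, fixed-string matching so paths are not regexes.
changes() {
    grep -Fxv -f "$1" "$2" | sed 's/^/+ /'
    grep -Fxv -f "$2" "$1" | sed 's/^/- /'
    return 0
}

# Invoked from a cron job as "<script> run": take one dump of each kind.
if [ "${1:-}" = "run" ]; then
    for kind in suid sgid dev; do
        snapshot "$kind"
    done
fi
```

Comparing the newest log of a kind against the previous one with `changes` shows what appeared or disappeared between runs.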

Just got this today from our Center for Policy Compliance guys.  🙂

CP&C is pleased to announce the availability of the Defense Information Systems Agency (DISA) VMware vSphere 5.0 compliance toolkit that is aligned to version 1 and release 3 (V1R3). The benchmark availability announcement was made on 30-Sep-2013 and we churned it pretty quickly! You can download the package using CCW tool and begin to use it.

If you use our vCM product you should download the new toolkit for this update.  As stated above it aligns with V1R3 of the STIG.