Note: This article covers material present in Version 1 Revision 3 and below. Topics found below may be mitigated in the most current version of the ESXi 5 STIG. Ensure you are using the most current version of the DISA STIG documents.
Ah the dreaded STIG. For many, a necessity by way of policy, but an implementation headache for all. Sadly the ESXi 5 STIG, released at V1R1 on August 9th 2013, will be no different.
In the spirit of VMFieldTips I will be taking you on a journey over the next few weeks through the ESXi 5 STIG. I will hit the head scratchers, problem points, and the just plain crazy. Also, where appropriate, I will try and loop in the official VMware Security Hardening Guides if possible. I know @mikefoley will be proud.
What this blog series is not: It is not an official implementation guide by any means. It is a compilation of questions and answers from the field on how to address, or in some cases securely work around, the findings in the ESXi 5 STIG. It is completely open for comment and can be driven by you. If I have not covered a specific finding yet, ask me for it. If you have a better way, throw it into a comment on the article. I will review, discuss, and possibly even add it into the article itself. Blogs are a way to learn, share, and in this case overcome and intense feelings of insanity as you muscle through the ESXi 5 STIG.
The ESXi 5 STIG is made up of three parts, ESXi Server, vCenter Server, and VM (vmx). I will start this series off in the ESXi Server portion of the STIG, a few findings at a time to reduce the time between posts. Already, just from the start, we are going to have our work cut out for us.
Posts that are a part of this series will be linked below. I will also provide the full STIG ID(s) in each post for easy searching and Google indexing. Ok, now let’s get to it.
Blog Series Table of Contents:
Blog Series: ESXi 5 STIG – ESXi Server SSH Daemon
Blog Series: ESXi 5 STIG – File and Setting Persistence
Blog Series: ESXi 5 STIG – ESXi Server SSH Client
Blog Series: ESXi 5 STIG – ESXi Server Password Complexity Requirements