STIGQter: STIG Summary: VMware vRealize Automation 7.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

DISA Rule

SV-100351r1_rule

Vulnerability Number

V-89701

Group Title

SRG-OS-000120-GPOS-00061

Rule Version

VRAU-SL-000730

Severity

CAT II

CCI(s)

• CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Weight

10

Fix Recommendation

Edit the /etc/default/passwd file and add or change the "CRYPT" variable setting so that it contains:

CRYPT=sha256
OR
CRYPT=sha512

Edit the /etc/default/passwd file and add or change the "CRYPT_FILES" variable setting so that it contains:

CRYPT_FILES=sha256
OR
CRYPT_FILES=sha512

Check Contents

Check the /etc/default/passwd file:

# grep CRYPT /etc/default/passwd

If the "CRYPT" setting in /etc/default/passwd is not present, or not set to "SHA256" or "SHA512", this is a finding.

If the "CRYPT_FILES" setting in /etc/default/passwd is not present, or not set to "SHA256" or "SHA512", this is a finding.

Vulnerability Number

V-89701

Documentable

False

Rule Version

VRAU-SL-000730

Severity Override Guidance

Check the /etc/default/passwd file:

# grep CRYPT /etc/default/passwd

If the "CRYPT" setting in /etc/default/passwd is not present, or not set to "SHA256" or "SHA512", this is a finding.

If the "CRYPT_FILES" setting in /etc/default/passwd is not present, or not set to "SHA256" or "SHA512", this is a finding.

Check Content Reference

M

Target Key

3459

Comments