STIGQter: STIG Summary: VMware vSphere 6.7 Photon OS Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The Photon operating system must initiate auditing as part of the boot process.

DISA Rule

SV-239119r675165_rule

Vulnerability Number

V-239119

Group Title

SRG-OS-000254-GPOS-00095

Rule Version

PHTN-67-000048

Severity

CAT II

CCI(s)

CCI-001464 - The information system initiates session audits at system start-up.

Weight

Fix Recommendation

Open /boot/grub2/grub.cfg with a text editor and locate the boot command line arguments. An example follows:

linux "/"$photon_linux root=$rootpartition net.ifnames=0 $photon_cmdline coredump_filter=0x37 consoleblank=0

Add "audit=1" to the end of the line so it reads as follows:

linux "/"$photon_linux root=$rootpartition net.ifnames=0 $photon_cmdline coredump_filter=0x37 consoleblank=0 audit=1

Note: Do not copy/paste in this example argument line. This may change in future releases. Find the similar line and append "audit=1" to it.

Reboot the system for the change to take effect.

Check Contents

At the command line, execute the following command:

# grep "audit=1" /proc/cmdline

If no results are returned, this is a finding.

Vulnerability Number

V-239119

Documentable

False

Rule Version

PHTN-67-000048

Severity Override Guidance

At the command line, execute the following command:

# grep "audit=1" /proc/cmdline

If no results are returned, this is a finding.

Check Content Reference

Target Key

5323

The Photon operating system must initiate auditing as part of the boot process.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments