STIGQter: STIG Summary: VMware vSphere 6.7 ESXi Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 09 Mar 2021:

The ESXi host SSH daemon must be configured with the DoD logon banner.

DISA Rule

SV-239266r674727_rule

Vulnerability Number

V-239266

Group Title

SRG-OS-000023-VMM-000060

Rule Version

ESXI-67-000009

Severity

CAT II

CCI(s)

• CCI-000048 - The information system displays an organization-defined system use notification message or banner before granting access to the system that provides privacy and security notices consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Weight

10

Fix Recommendation

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in "/etc/ssh/sshd_config":

Banner /etc/issue

Check Contents

From an SSH session connected to the ESXi host, or from the ESXi shell, run the following command:

# grep -i "^Banner" /etc/ssh/sshd_config

If there is no output or the output is not exactly "Banner /etc/issue", this is a finding.

Vulnerability Number

V-239266

Documentable

False

Rule Version

ESXI-67-000009

Severity Override Guidance

From an SSH session connected to the ESXi host, or from the ESXi shell, run the following command:

# grep -i "^Banner" /etc/ssh/sshd_config

If there is no output or the output is not exactly "Banner /etc/issue", this is a finding.

Check Content Reference

M

Target Key

5326

Comments