STIGQter: STIG Summary: VMware vRealize Operations Manager 6.x SLES Security Technical Implementation Guide Version: 1 Release: 1 Benchmark Date: 28 Sep 2018:

The SLES for vRealize must use mechanisms meeting the requirements of applicable federal laws, Executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module.

DISA Rule

SV-99233r1_rule

Vulnerability Number

V-88583

Group Title

SRG-OS-000120-GPOS-00061

Rule Version

VROM-SL-000710

Severity

CAT II

CCI(s)

• CCI-000803 - The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication.

Weight

10

Fix Recommendation

Edit the "/etc/default/passwd" file and add or change the "CRYPT" variable setting so that it contains:

CRYPT=sha256
OR
CRYPT=sha512

Edit the "/etc/default/passwd" file and add or change the "CRYPT_FILES" variable setting so that it contains:

CRYPT_FILES=sha256
OR
CRYPT_FILES=sha512

Check Contents

Check the "/etc/default/passwd" file:

# grep CRYPT /etc/default/passwd

If the "CRYPT" setting in the "/etc/default/passwd" file is not present, or not set to "SHA256" or "SHA512", this is a finding.

If the "CRYPT_FILES" setting in the "/etc/default/passwd" file is not present, or not set to "SHA256" or "SHA512", this is a finding.

Vulnerability Number

V-88583

Documentable

False

Rule Version

VROM-SL-000710

Severity Override Guidance

Check the "/etc/default/passwd" file:

# grep CRYPT /etc/default/passwd

If the "CRYPT" setting in the "/etc/default/passwd" file is not present, or not set to "SHA256" or "SHA512", this is a finding.

If the "CRYPT_FILES" setting in the "/etc/default/passwd" file is not present, or not set to "SHA256" or "SHA512", this is a finding.

Check Content Reference

M

Target Key

3461

Comments