vmware / dod-compliance-and-automation

Security hardening content for VMware solutions to US Department of Defense standards

[vSphere][7.0][VCEM-70-000008] Check command returning configuration files after upgrade #100

Closed pstearns closed 1 year ago

pstearns commented 1 year ago

Describe the bug

vCenter Virtual Appliance 7.0 ESXi Agent Manager Profile VCEM-70-000008

Discussion: Verifying that ESX Agent Manager application code is unchanged from its shipping state is essential for file validation and non-repudiation of the ESX Agent Manager. There is no reason that the MD5 hash of the rpm original files should be changed after installation, excluding configuration files.

Check Text: At the command prompt, execute the following command: rpm -V vmware-eam|grep "^..5......"|grep -v -E ".installer|.properties|.xml"

If there is any output, this is a finding.

expected: "" got: "S.5....T. c /etc/vmware-eam/version"

Reproduction steps

Running inspec control or command directly returns "S.5....T. c /etc/vmware-eam/version"

Expected behavior

Expected no output according to STIG item.

The DISA 6.7 STIG command doesn't return an output: rpm -V vmware-eam | grep "^..5......"|grep -E ".war|.jar|.sh|.py"

Additional context

The SRG 7.0 command returns a configuration file, denoted by the "c"; configuration files should be excluded.

rlakey commented 1 year ago

What version of vCenter was it run against? I haven't seen that file show up before but it may be due to upgrades which may explain it.

pstearns commented 1 year ago

This was run against 7.0.3 20150588. I do believe it appeared after the last patch.

Is the command that is used in the 6.7 STIG, "rpm -V vmware-eam | grep "^..5......"|grep -E ".war|.jar|.sh|.py"", insufficient to verify no modifications were made?

rlakey commented 1 year ago

Ok I don't see that on a fresh deploy of that build so I'll see if there's a better expression we could use here.

rlakey commented 1 year ago

Possibly "rpm -V vmware-eam|grep "^..5......" | grep -v 'c /' | grep -v -E ".installer|.properties|.xml""

pstearns commented 1 year ago

Running "rpm -V vmware-eam|grep "^..5......" | grep -v 'c /' | grep -v -E ".installer|.properties|.xml"" returns the expected null output on 7.0.3 20150588.

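The `grep -v 'c /'` stage discussed in this thread relies on the attribute marker that `rpm -V` prints between the flag string and the path. The following is an added example, not code from the repository or from the STIG: it parses that column explicitly and reports only digest mismatches on files not marked as configuration. The function names are hypothetical, every sample path except /etc/vmware-eam/version is constructed, and the file-name exclusions from the check text are not applied.

```shell
#!/bin/sh
# Added example: filter `rpm -V` output on the attribute marker column
# instead of on file-name patterns.

# digest_findings (hypothetical name): read `rpm -V` output on stdin and
# print the path of every file whose digest differs (third flag is "5")
# unless rpm marks the file as configuration ("c").
digest_findings() {
    awk '
        # The first field is the 9-character verification flag string.
        length($1) == 9 && substr($1, 3, 1) == "5" {
            marker = ""
            rest = substr($0, index($0, $1) + length($1))
            sub(/^[ \t]+/, "", rest)
            # Optional one-letter marker before the path:
            # c=config, d=doc, g=ghost, l=license, r=readme.
            if (rest ~ /^[cdglr] \//) {
                marker = substr(rest, 1, 1)
                rest = substr(rest, 3)
            }
            # Paths containing spaces survive because the remainder of
            # the line is printed, not a single awk field.
            if (marker != "c") print rest
        }
    '
}

# Constructed sample input. Only the first line reflects output quoted in
# the thread; the remaining paths are invented for illustration.
sample_rpm_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/vmware-eam/version
S.5....T.    /usr/lib/vmware-eam/constructed-example.jar
.......T.    /usr/lib/vmware-eam/constructed-example.sh
missing   c /etc/vmware-eam/constructed-example.properties
S.5....T.  c /etc/vmware-eam/constructed-example.xml
EOF
}

# Prints only the constructed .jar path: the one non-config digest mismatch.
sample_rpm_verify_output | digest_findings
```

On an appliance the same function would be fed from `rpm -V vmware-eam | digest_findings`.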