Closed pstearns closed 1 year ago
What version of vCenter was it ran against? I haven't seen that file show up before but it may be due to upgrades which may explain it.
This was run against 7.0.3 20150588. I do believe it appeared after the last patch.
Is the command in that is used in 6.7 STIG, "rpm -V vmware-eam | grep "^..5......"|grep -E ".war|.jar|.sh|.py"", insufficient to verify no modifications were made?
Ok I don't see that on a fresh deploy of that build so I'll see if there's a better expression we could use here.
Possibly "rpm -V vmware-eam|grep "^..5......" | grep -v 'c /' | grep -v -E ".installer|.properties|.xml""
Running "rpm -V vmware-eam|grep "^..5......" | grep -v 'c /' | grep -v -E ".installer|.properties|.xml"" returns the expected null output on 7.0.3 7.0.3 20150588.
On Fri, Oct 28, 2022 at 12:10 PM Ryan @.***> wrote:
Possibly "rpm -V vmware-eam|grep "^..5......" | grep -v 'c /' | grep -v -E ".installer|.properties|.xml""
— Reply to this email directly, view it on GitHub https://github.com/vmware/dod-compliance-and-automation/issues/100#issuecomment-1295358478, or unsubscribe https://github.com/notifications/unsubscribe-auth/A2LBT7XTPOTD56TH5RHMRQLWFQQIRANCNFSM6AAAAAARQGYP7U . You are receiving this because you authored the thread.Message ID: @.***>
Describe the bug
vCenter Virtual Appliance 7.0 ESXi Agent Manager Profile VCEM-70-000008
Discussion: Verifying that ESX Agent Manager application code is unchanged from its shipping state is essential for file validation and non-repudiation of the ESX Agent Manager. There is no reason that the MD5 hash of the rpm original files should be changed after installation, excluding configuration files.
Check Text: At the command prompt, execute the following command: rpm -V vmware-eam|grep "^..5......"|grep -v -E ".installer|.properties|.xml"
If there is any output, this is a finding.
expected: "" got: "S.5....T. c /etc/vmware-eam/version"
Reproduction steps
Running inspec control or command directly returns "S.5....T. c /etc/vmware-eam/version"
Expected behavior
Expected no output according to STIG item.
The DISA 6.7 STIG command doesnt return an output: rpm -V vmware-eam | grep "^..5......"|grep -E ".war|.jar|.sh|.py"
Additional context
The SRG 7.0 command returns a configuration file notated by the "c", which configuration files should be excluded.