vmware / dod-compliance-and-automation

Security hardening content for VMware solutions to US Department of Defense standards

ESXi 7.0 Draft STIG ESXI-70-000084 calls for improper value #91

Closed Aggraxis closed 2 years ago

Aggraxis commented 2 years ago

Describe the bug

ESXI-70-000084 calls these settings out:

Mandatory:

# esxcli system auditrecords local set --size=4100
# esxcli system auditrecords local enable
# esxcli system auditrecords remote enable
# esxcli system syslog reload

esxcli reports that valid input is 4 to 100. 4100 is an invalid value.

Reproduction steps

1. esxcli system auditrecords local set --size=4100

Expected behavior

STIG and automation script reflect valid settings.

Additional context

We see things like this from time to time on various STIGs. As written, it is currently impossible to be 'compliant'.

Thank you for what you guys are doing. We appreciate the help.

rlakey commented 2 years ago

Thanks for catching this. We'll get it updated in the next round of updates, and any value in that range should be ok.

rlakey commented 2 years ago

Fixed by #104
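
A pre-flight check for this class of error, as an added example that is not part of the issue thread or the repository's own code: it scans remediation text for `esxcli system auditrecords local set` lines and flags any `--size` outside the 4 to 100 range that esxcli reported above. The function and variable names, the handling of the `--size N` spelling, and the corrected sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: lint STIG fix text or an automation script for audit record
# sizes that esxcli would reject. 4..100 is the range quoted in the issue.
AUDIT_SIZE_MIN=4
AUDIT_SIZE_MAX=100

# check_audit_sizes (hypothetical helper): reads remediation text on stdin and
# prints one finding per "auditrecords local set" line whose --size is missing,
# non-numeric or out of range. Returns 0 when clean, 1 when anything is flagged.
check_audit_sizes() {
    rc=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            *"auditrecords local set"*) ;;   # only the size-setting command
            *) continue ;;
        esac
        # Extract the value after "--size=" or "--size " (empty if absent).
        size=$(printf '%s\n' "$line" | sed -n 's/.*--size[= ]\([^ ]*\).*/\1/p')
        case $size in
            ''|*[!0-9]*)
                echo "line $n: missing or non-numeric --size"
                rc=1 ;;
            *)
                if [ "$size" -lt "$AUDIT_SIZE_MIN" ] || [ "$size" -gt "$AUDIT_SIZE_MAX" ]; then
                    echo "line $n: --size=$size outside $AUDIT_SIZE_MIN-$AUDIT_SIZE_MAX"
                    rc=1
                fi ;;
        esac
    done
    return $rc
}

# Fix text as quoted in the issue, and a constructed corrected line.
STIG_FIX_TEXT='# esxcli system auditrecords local set --size=4100
# esxcli system auditrecords local enable
# esxcli system auditrecords remote enable
# esxcli system syslog reload'
CORRECTED_LINE='esxcli system auditrecords local set --size=100'

printf '%s\n' "$STIG_FIX_TEXT" | check_audit_sizes || echo "fix text needs correction"
printf '%s\n' "$CORRECTED_LINE" | check_audit_sizes && echo "corrected line is in range"
```

Run it against a remediation script before applying it to hosts, for example `check_audit_sizes < remediate.sh`, and treat a non-zero exit as a failed review gate.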