Details

The shells file (or equivalent) lists approved default shells. It helps provide layered defense to the security approach by ensuring users cannot change their default shell to an unauthorized shell that may not be secure.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Disable lock down mode.
Enable the ESXi Shell.
= /etc/shells
Execute the following command(s):
# > /etc/shells

Re-enable lock down mode.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_Server_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.

References

• 800-53|CM-6b.
• CAT|II
• CCI|CCI-000366
• Group-ID|V-39275
• Rule-ID|SV-250579r798736_rule
• STIG-ID|GEN002120-ESXI5-000045
• STIG-Legacy|SV-51091
• STIG-Legacy|V-39275
• Vuln-ID|V-250579

Source

• Tenable.com/audits