Details
The CLI command ‘vmkfstools –writezeroes’ can be used to write zeros to the entire
contents of a virtual machine disk (VMDK) file prior to its deletion.
*Rationale*
Zeroing out a VMDK file before deleting the file can help prevent users from reconstructing
the original contents of the file from the physical storage media.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
When deleting a VMDK file with sensitive data-
1. Shut down or stop the virtual machine.
2. Issue the CLI command ‘vmkfstools -writezeroes’ on that file prior to deleting it
from the datastore.
Supportive Information
The following resource is also helpful.
This control applies to the following type of system VMware.