ESXI-65-000009 – The ESXi host SSH daemon must be configured with the Department of Defense (DoD) login banner.

Details

The warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers. Alternatively, systems whose ownership should not be obvious should ensure usage of a banner that does not provide easy attribution.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in ‘/etc/ssh/sshd_config’:

Banner /etc/issue

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system Unix.

References

800-53|AC-8a.
CAT|II
CCI|CCI-000048
Rule-ID|SV-207610r378520_rule
STIG-ID|ESXI-65-000009
STIG-Legacy|SV-104051
STIG-Legacy|V-93965
Vuln-ID|V-207610

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles