GEN000950-ESXI5-444 – The root accounts list of preloaded libraries must be empty.

Details

The library preload list environment variable contains a list of libraries for the dynamic linker to load before loading the libraries required by the binary. If this list contains paths to libraries relative to the current working directory, unintended libraries may be preloaded. This variable is formatted as a space-separated list of libraries. Paths starting with (/) are absolute paths.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Disable lock down mode. Enable the ESXi Shell. Execute the following command(s):
# vi /etc/vmware/config

Set the LD_PRELOAD to ”.

Re-enable lock down mode.

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_Server_V2R1_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
Group-ID|V-39383
Rule-ID|SV-250577r798730_rule
STIG-ID|GEN000950-ESXI5-444
STIG-Legacy|SV-51241
STIG-Legacy|V-39383
Vuln-ID|V-250577

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles