Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39247 | GEN005300-ESXI5-000099 | SV-51063r1_rule | Medium |
Description |
---|
Whether active or inactive, default communities, users, and passwords must be changed to maintain security. A service running with default authenticators allows acquisition of data about the system and the network to potentially compromise the integrity of the system or network(s). |
STIG | Date |
---|---|
VMware ESXi Server 5.0 Security Technical Implementation Guide | 2017-01-06 |
Check Text ( C-46511r1_chk ) |
---|
Disable lock down mode. Enable the ESXi Shell. Login as root and check the snmp configuration file for default(s): # egrep -i "community|communities" /etc/vmware/snmp.xml If any community name or password is set to a default value such as public, private or password, this is a finding. Re-enable lock down mode. |
Fix Text (F-44226r4_fix) |
---|
From the Power/v CLI, run the (below example) command: > # vicfg-snmp.pl --server In the above example, -E enables the VMware SNMP agent, and -c sets communities to the provided name. |