VCLD-67-000015 - VAMI server binaries and libraries must be verified for their integrity.

Information

Being able to verify that a patch, upgrade, certificate, etc., being added to the web server is unchanged from the producer of the file is essential for file validation and non-repudiation of the information.

VMware delivers product updates and patches regularly. When VAMI is updated, the signed packages will also be updated. These packages can be used to verify that VAMI has not been inappropriately modified since it was installed.

Solution

If the VAMI binaries have been modified from the default state when deployed as part of the VCSA, the system must be wiped and redeployed or restored from backup.

VMware does not recommend or support recovering from such a state by reinstalling RPMs or similar efforts.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_Y23M07_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-5(3), CAT|II, CCI|CCI-001749, Rule-ID|SV-239723r879584_rule, STIG-ID|VCLD-67-000015, Vuln-ID|V-239723

Plugin: Unix

Control ID: 0ad97acccf396ce53ac84ed41fc59f74caf051b2a101281898144e8248251cf4