ESXI-06-000007 - The system must display the Standard Mandatory DoD Notice and Consent Banner before granting access to the system.

Information

Failure to display the DoD logon banner prior to a log in attempt will negate legal proceedings resulting from unauthorized access to system resources.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From a PowerCLI command prompt while connected to the ESXi host copy the following contents into a script(.ps1 file) and run to set the DCUI screen to display the DoD logon banner:

<script begin>

$value = @'
{bgcolor:black} {/color}{align:left}{bgcolor:black}{color:yellow}{hostname} , {ip}{/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:black}{color:yellow}{esxproduct} {esxversion}{/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:black}{color:yellow}{memory} RAM{/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:black}{color:white} {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} You are accessing a U.S. Government (USG) Information System (IS) that is provided for USG-authorized use only. By {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} using this IS (which includes any device attached to this IS), you consent to the following conditions: {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} - The USG routinely intercepts and monitors communications on this IS for purposes including, but not limited {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} to, penetration testing, COMSEC monitoring, network operations and defense, personnel misconduct (PM), law {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} enforcement (LE), and counterintelligence (CI) investigations. {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} - At any time, the USG may inspect and seize data stored on this IS. {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} - Communications using, or data stored on, this IS are not private, are subject to routine monitoring, {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} interception, and search, and may be disclosed or used for any USG-authorized purpose. {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} - This IS includes security measures (e.g., authentication and access controls) to protect USG interests--not {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} for your personal benefit or privacy. {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} - Notwithstanding the above, using this IS does not constitute consent to PM, LE or CI investigative searching {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} or monitoring of the content of privileged communications, or work product, related to personal representation {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} or services by attorneys, psychotherapists, or clergy, and their assistants. Such communications and work {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} product are private and confidential. See User Agreement for details. {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{align:left}{bgcolor:yellow}{color:black} {/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
{bgcolor:black} {/color}{align:left}{bgcolor:dark-grey}{color:white} <F2> Accept Conditions and Customize System / View Logs{/align}{align:right}<F12> Accept Conditions and Shut Down/Restart {bgcolor:black} {/color}{/color}{/bgcolor}{/align}
{bgcolor:black} {/color}{bgcolor:dark-grey}{color:black} {/color}{/bgcolor}
'

@Get-VMHost | Get-AdvancedSetting -Name Annotations.WelcomeMessage | Set-AdvancedSetting -Value $value

<script end>

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-8a., CAT|II, CCI|CCI-000048, Group-ID|V-63183, Rule-ID|SV-77673r1_rule, STIG-ID|ESXI-06-000007, Vuln-ID|V-63183

Plugin: VMware

Control ID: 835e87ab622ed6482e481f0b485c36120800105cee331fdf96aee815d7d34657