
VMware vSphere 7.0 vCenter Appliance Photon OS Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Photon operating system must protect audit tools from unauthorized modification and deletion.

    Protecting audit information includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on...
    Rule Medium Severity
  • SRG-OS-000266-GPOS-00101

    Group
  • The Photon operating system must enforce password complexity by requiring that at least one special character be used.

    Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resistin...
    Rule Medium Severity
  • SRG-OS-000278-GPOS-00108

    Group
  • The Photon operating system package files must not be modified.

    Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit recor...
    Rule Medium Severity
  • SRG-OS-000327-GPOS-00127

    Group
  • SRG-OS-000341-GPOS-00132

    Group
  • The Photon operating system must configure auditd to keep five rotated log files.

    Audit logs are most useful when accessible by date, rather than size. This can be accomplished through a combination of an audit log rotation cron job, setting a reasonable number of logs to keep, ...
    Rule Medium Severity
  • SRG-OS-000341-GPOS-00132

    Group
  • The Photon operating system must configure auditd to keep logging in the event max log file size is reached.

    Audit logs are most useful when accessible by date, rather than size. This can be accomplished through a combination of an audit log rotation cron job, setting a reasonable number of logs to keep, ...
    Rule Medium Severity
  • SRG-OS-000343-GPOS-00134

    Group
  • The Photon operating system must configure auditd to log space limit problems to syslog.

    If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.
    Rule Medium Severity
  • SRG-OS-000366-GPOS-00153

    Group
  • The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation.

    Installation of any nontrusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. Ensuring all p...
    Rule Medium Severity
  • SRG-OS-000366-GPOS-00153

    Group
  • The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation.

    Installation of any nontrusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. Cryptographica...
    Rule Medium Severity
  • SRG-OS-000366-GPOS-00153

    Group
  • SRG-OS-000373-GPOS-00156

    Group
  • The Photon operating system must require users to reauthenticate for privilege escalation.

    Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, ...
    Rule Medium Severity
  • SRG-OS-000394-GPOS-00174

    Group
