VMware vSphere 6.7 Photon OS Security Technical Implementation Guide

Description

This Security Technical Implementation Guide is published as a tool to improve the security of Department of Defense (DoD) information systems. The requirements are derived from the National Institute of Standards and Technology (NIST) 800-53 and related documents. Comments or proposed revisions to this document should be sent via email to the following address: [email protected]

Details

Version / Release: V1R1

Published: 2021-04-15

Updated At: 2021-05-02 21:04:32

Findings
    Vuln  Rule Version  CCI  Severity  Title  Description
    SV-239072r717090_rule PHTN-67-000129 CCI-001851 MEDIUM The Photon operating system must be configured to offload audit logs to a syslog server. Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Offloading is a common process in information systems with limited audit storage capacity. Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000447-GPOS-00201
    SV-239073r675027_rule PHTN-67-000001 CCI-000018 MEDIUM The Photon operating system must audit all account creations. Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to create an account. Auditing account creation actions provides logging th
    SV-239074r675030_rule PHTN-67-000002 CCI-000044 MEDIUM The Photon operating system must automatically lock an account when three unsuccessful logon attempts occur. By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. Satisfies: SRG-OS-000021-GPOS-00005, SRG-OS
    SV-239075r675033_rule PHTN-67-000003 CCI-000048 MEDIUM The Photon operating system must display the Standard Mandatory DoD Notice and Consent Banner before granting SSH access. Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations,
    SV-239076r675036_rule PHTN-67-000004 CCI-000054 MEDIUM The Photon operating system must limit the number of concurrent sessions to 10 for all accounts and/or account types. Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to denial-of-service at
    SV-239077r675039_rule PHTN-67-000005 CCI-000057 MEDIUM The Photon operating system must set a session inactivity timeout of 15 minutes or less. A session timeout is an action taken when a session goes idle for any reason. Rather than relying on the user to manually disconnect their session prior to going idle, the Photon operating system must be able to identify when a session has idled and take
    SV-239078r675042_rule PHTN-67-000006 CCI-000067 MEDIUM The Photon operating system must have the sshd SyslogFacility set to "authpriv". Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities.
    SV-239079r675045_rule PHTN-67-000007 CCI-000067 MEDIUM The Photon operating system must have sshd authentication logging enabled. Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities. Shipping sshd authentication events to syslog allows organizations to
    SV-239080r675048_rule PHTN-67-000008 CCI-000067 MEDIUM The Photon operating system must have the sshd LogLevel set to "INFO". Automated monitoring of remote access sessions allows organizations to detect cyberattacks and ensure ongoing compliance with remote access policies by auditing connection activities. The INFO LogLevel is required, at least, to ensure the capturing of fa
    SV-239081r675051_rule PHTN-67-000009 CCI-000068 HIGH The Photon operating system must configure sshd to use approved encryption algorithms. Without confidentiality protection mechanisms, unauthorized individuals may gain access to sensitive information via a remote access session. OpenSSH on the Photon operating system is compiled with a FIPS-validated cryptographic module. The "FipsMode" se
    SV-239082r675054_rule PHTN-67-000010 CCI-000130 MEDIUM The Photon operating system must configure auditd to log to disk. Without establishing what type of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. Audit record content must be shipped to a central location, but it must also be logged locally
    SV-239083r675057_rule PHTN-67-000011 CCI-000131 MEDIUM The Photon operating system must configure auditd to use the correct log format. To compile an accurate risk assessment and provide forensic analysis, it is essential for security personnel to know exact, unfiltered details of the event in question.
    SV-239084r675060_rule PHTN-67-000012 CCI-000135 MEDIUM The Photon operating system must be configured to audit the execution of privileged functions. Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts
    SV-239085r675063_rule PHTN-67-000013 CCI-000139 MEDIUM The Photon operating system audit log must log space limit problems to syslog. It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system oper
    SV-239086r675066_rule PHTN-67-000014 CCI-000140 MEDIUM The Photon operating system audit log must attempt to log audit failures to syslog. It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system oper
    SV-239087r675069_rule PHTN-67-000015 CCI-000162 MEDIUM The Photon operating system audit log must have correct permissions. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit operating system activity. Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus c
    SV-239088r675072_rule PHTN-67-000016 CCI-000163 MEDIUM The Photon operating system audit log must be owned by root. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit operating system activity. Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus c
    SV-239089r675075_rule PHTN-67-000017 CCI-000164 MEDIUM The Photon operating system audit log must be group-owned by root. Audit information includes all information (e.g., audit records, audit settings, audit reports) needed to successfully audit operating system activity. Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus c
    SV-239090r675078_rule PHTN-67-000018 CCI-000135 MEDIUM The Photon operating system must have the auditd service running. Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. To that end, the auditd service must be configured to start automati
    SV-239091r675081_rule PHTN-67-000019 CCI-000171 MEDIUM The Photon operating system must allow only the ISSM (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited. Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming
    SV-239092r675084_rule PHTN-67-000020 CCI-000172 MEDIUM The Photon operating system must generate audit records when successful/unsuccessful attempts to access privileges occur. The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unautho
    SV-239093r675087_rule PHTN-67-000021 CCI-000192 MEDIUM The Photon operating system must enforce password complexity by requiring that at least one uppercase character be used. Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
    SV-239094r717043_rule PHTN-67-000022 CCI-000193 MEDIUM The Photon operating system must enforce password complexity by requiring that at least one lowercase character be used. Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
    SV-239095r675093_rule PHTN-67-000023 CCI-000194 MEDIUM The Photon operating system must enforce password complexity by requiring that at least one numeric character be used. Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
    SV-239096r675096_rule PHTN-67-000024 CCI-000195 MEDIUM The Photon operating system must require that new passwords are at least four characters different from the old password. Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
    SV-239097r675099_rule PHTN-67-000025 CCI-000196 MEDIUM The Photon operating system must store only encrypted representations of passwords. Passwords must be protected at all times via strong, one-way encryption. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. If they are encrypted with a weak cipher, those passwords are much more vulnerable
    SV-239098r675102_rule PHTN-67-000026 CCI-000196 MEDIUM The Photon operating system must store only encrypted representations of passwords. Passwords must be protected at all times via strong, one-way encryption. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. If they are encrypted with a weak cipher, those passwords are much more vulnerable
    SV-239099r675105_rule PHTN-67-000027 CCI-000198 MEDIUM The Photon operating system must be configured so that passwords for new users are restricted to a 24-hour minimum lifetime. Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly c
    SV-239100r675108_rule PHTN-67-000028 CCI-000199 MEDIUM The Photon operating system must be configured so that passwords for new users are restricted to a 90-day maximum lifetime. Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the op
    SV-239101r675111_rule PHTN-67-000029 CCI-000200 MEDIUM The Photon operating system must prohibit password reuse for a minimum of five generations. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password
    SV-239102r675114_rule PHTN-67-000030 CCI-000200 MEDIUM The Photon operating system must ensure old passwords are being stored. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to consecutively reuse their password when that password
    SV-239103r675117_rule PHTN-67-000031 CCI-000205 MEDIUM The Photon operating system must enforce a minimum eight-character password length. The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and bru
    SV-239104r675120_rule PHTN-67-000032 CCI-000381 MEDIUM The Photon operating system must only allow installation of packages signed by VMware. Installation of any non-trusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This requirement ensures the software has not been tampered with and ha
    SV-239105r675123_rule PHTN-67-000033 CCI-000382 MEDIUM The Photon operating system must disable the loading of unnecessary kernel modules. To support the requirements and principles of least functionality, the operating system must provide only essential capabilities and limit the use of modules, protocols, and/or services to only those required for the proper functioning of the product. Sa
    SV-239106r675126_rule PHTN-67-000034 CCI-000764 MEDIUM The Photon operating system must not have Duplicate User IDs (UIDs). To ensure accountability and prevent unauthenticated access, organizational users must be uniquely identified and authenticated to prevent potential misuse and provide for non-repudiation.
    SV-239107r675129_rule PHTN-67-000035 CCI-000770 MEDIUM The Photon operating system must configure sshd to disallow root logins. Logging on with a user-specific account provides individual accountability for actions performed on the system. Users must log in with their individual accounts and elevate to root as necessary. Disallowing root SSH login also reduces the distribution of
    SV-239108r675132_rule PHTN-67-000036 CCI-000795 MEDIUM The Photon operating system must disable new accounts immediately upon password expiration. Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts will not notice if unauthorized access to their user acco
    SV-239109r675135_rule PHTN-67-000037 CCI-001095 MEDIUM The Photon operating system must use TCP syncookies. A TCP SYN flood attack can cause a denial of service by filling a system's TCP connection table with connections in the SYN_RCVD state. Syncookies can be used to track a connection when a subsequent ACK is received, verifying the initiator is attempting a
    SV-239110r675138_rule PHTN-67-000038 CCI-001133 MEDIUM The Photon operating system must configure sshd to disconnect idle SSH sessions. Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.
    SV-239111r675141_rule PHTN-67-000039 CCI-001133 MEDIUM The Photon operating system must configure sshd to disconnect idle SSH sessions. Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended.
    SV-239112r675144_rule PHTN-67-000040 CCI-001312 MEDIUM The Photon operating system must configure rsyslog to offload system logs to a central server. Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Proper configuration of rsyslog ensures that information critical to forensic analysis of security events is available for future action without any manua
    SV-239113r675147_rule PHTN-67-000041 CCI-001314 MEDIUM The Photon operating system /var/log directory must be owned by root. Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state and can provide sensitive information to an unprivileged attacker.
    SV-239114r675150_rule PHTN-67-000042 CCI-001314 MEDIUM The Photon operating system messages file must be owned by root. Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state and can provide sensitive information to an unprivileged attacker.
    SV-239115r675153_rule PHTN-67-000043 CCI-001314 MEDIUM The Photon operating system messages file must have mode 0640 or less permissive. Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state and can provide sensitive information to an unprivileged attacker.
    SV-239116r675156_rule PHTN-67-000045 CCI-001403 MEDIUM The Photon operating system must audit all account modifications. Once an attacker establishes access to a system, the attacker often attempts to create a persistent method of reestablishing access. One way to accomplish this is for the attacker to modify an existing account. Auditing account modification actions provid
    SV-239117r675159_rule PHTN-67-000046 CCI-001404 MEDIUM The Photon operating system must audit all account disabling actions. When operating system accounts are disabled, user accessibility is affected. Accounts are used for identifying individual users or the operating system processes themselves. To detect and respond to events affecting user accessibility and system processin
    SV-239118r675162_rule PHTN-67-000047 CCI-001405 MEDIUM The Photon operating system must audit all account removal actions. When operating system accounts are removed, user accessibility is affected. Accounts are used for identifying individual users or the operating system processes themselves. To detect and respond to events affecting user accessibility and system processing
    SV-239119r675165_rule PHTN-67-000048 CCI-001464 MEDIUM The Photon operating system must initiate auditing as part of the boot process. Each process on the system carries an "auditable" flag, which indicates whether its activities can be audited. Although auditd takes care of enabling this for all processes that launch after it starts, adding the kernel argument ensures the flag is set at
    SV-239120r675168_rule PHTN-67-000049 CCI-001493 MEDIUM The Photon operating system audit files and directories must have correct permissions. Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on audit information.
    SV-239121r675171_rule PHTN-67-000050 CCI-001493 MEDIUM The Photon operating system audit files and directories must have correct permissions. Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on audit information.
    SV-239122r675174_rule PHTN-67-000051 CCI-001494 MEDIUM The Photon operating system must protect audit tools from unauthorized modification. Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operations on audit information. Satisfies: SRG-OS-000257-GPOS-00
    SV-239123r675177_rule PHTN-67-000052 CCI-001619 MEDIUM The Photon operating system must enforce password complexity by requiring that at least one special character be used. Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
    SV-239124r675180_rule PHTN-67-000053 CCI-001496 MEDIUM The Photon operating system package files must not be modified. Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfu
    SV-239125r675183_rule PHTN-67-000054 CCI-002361 MEDIUM The Photon operating system must set an inactivity timeout value for non-interactive sessions. A session timeout is an action taken when a session goes idle for any reason. Rather than relying on the user to manually disconnect their session prior to going idle, the Photon operating system must be able to identify when a session has idled and take
    SV-239126r675186_rule PHTN-67-000055 CCI-002314 MEDIUM The Photon operating system must configure sshd with a specific ListenAddress. Without specifying a ListenAddress, sshd will listen on all interfaces. In situations with multiple interfaces, this may not be intended behavior and could lead to offering remote access on an unapproved network.
    SV-239127r675189_rule PHTN-67-000056 CCI-000172 MEDIUM The Photon operating system must audit the execution of privileged functions. Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts
    SV-239128r675192_rule PHTN-67-000057 CCI-001849 MEDIUM The Photon operating system must configure auditd to keep five rotated log files. Audit logs are most useful when accessible by date, rather than size. This can be accomplished through a combination of an audit log rotation cron job, setting a reasonable number of logs to keep and configuring auditd to not rotate the logs on its own. T
    SV-239129r675195_rule PHTN-67-000058 CCI-001849 MEDIUM The Photon operating system must configure auditd to keep five rotated log files. Audit logs are most useful when accessible by date, rather than size. This can be accomplished through a combination of an audit log rotation cron job, setting a reasonable number of logs to keep and configuring auditd to not rotate the logs on its own. T
    SV-239130r675198_rule PHTN-67-000059 CCI-001849 MEDIUM The Photon operating system must configure a cron job to rotate auditd logs daily. Audit logs are most useful when accessible by date, rather than size. This can be accomplished through a combination of an audit log rotation cron job, setting a reasonable number of logs to keep and configuring auditd to not rotate the logs on its own. T
    SV-239131r675201_rule PHTN-67-000060 CCI-001855 MEDIUM The Photon operating system must configure auditd to log space limit problems to syslog. If security personnel are not notified immediately when storage volume reaches 75% utilization, they are unable to plan for audit record storage capacity expansion.
    SV-239132r675204_rule PHTN-67-000061 CCI-001891 MEDIUM The Photon operating system must be configured to synchronize with an approved DoD time source. Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. S
    SV-239133r675207_rule PHTN-67-000062 CCI-001749 MEDIUM The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. Installation of any non-trusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. Ensuring all packages' cryptographic signatures are valid prior to inst
    SV-239134r675210_rule PHTN-67-000063 CCI-001749 MEDIUM The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. Installation of any non-trusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This requirement ensures the software has not been tampered with and ha
    SV-239135r675213_rule PHTN-67-000064 CCI-001749 MEDIUM The Photon operating system RPM package management tool must cryptographically verify the authenticity of all software packages during installation. Installation of any non-trusted software, patches, service packs, device drivers, or operating system components can significantly affect the overall security of the operating system. This requirement ensures the software has not been tampered with and ha
    SV-239136r675216_rule PHTN-67-000065 CCI-002038 MEDIUM The Photon operating system must require users to reauthenticate for privilege escalation. Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate. Satisfies: SRG-OS
    SV-239137r675219_rule PHTN-67-000066 CCI-002007 MEDIUM The Photon operating system must prohibit the use of cached authenticators after one day. If cached authentication information is out of date, the validity of the authentication information may be questionable.
    SV-239138r675222_rule PHTN-67-000067 CCI-002421 HIGH The Photon operating system must configure sshd to use preferred ciphers. Privileged access contains control and configuration information and is particularly sensitive, so additional protections are necessary. This is maintained by using cryptographic mechanisms such as encryption to protect confidentiality. Nonlocal maintena
    SV-239139r675225_rule PHTN-67-000068 CCI-000197 MEDIUM The Photon operating system must use OpenSSH for remote maintenance sessions. If the remote connection is not closed and verified as closed, the session may remain open and be exploited by an attacker; this is referred to as a zombie session. Remote connections must be disconnected and verified as disconnected when nonlocal mainten
    SV-239140r675228_rule PHTN-67-000069 CCI-002824 MEDIUM The Photon operating system must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution. ASLR makes it more difficult for an attacker to predict the location of attack code he or she has introduced into a process's address space during an attempt at exploitation. Additionally, ASLR also makes it more difficult for an attacker to know the loca
    SV-239141r675231_rule PHTN-67-000070 CCI-002617 MEDIUM The Photon operating system must remove all software components after updated versions have been installed. Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the
    SV-239142r675234_rule PHTN-67-000071 CCI-000172 MEDIUM The Photon operating system must generate audit records when the sudo command is used. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit recor
    SV-239143r675237_rule PHTN-67-000072 CCI-000172 MEDIUM The Photon operating system must generate audit records when successful/unsuccessful logon attempts occur. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit recor
    SV-239144r675240_rule PHTN-67-000073 CCI-000172 MEDIUM The Photon operating system must audit the insmod module. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit reco
    SV-239145r675243_rule PHTN-67-000074 CCI-000172 MEDIUM The Photon operating system auditd service must generate audit records for all account creations, modifications, disabling, and termination events. Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. Audit recor
    SV-239146r675246_rule PHTN-67-000075 CCI-000366 MEDIUM The Photon operating system must use the pam_cracklib module. If the operating system allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.
    SV-239147r675249_rule PHTN-67-000076 CCI-000366 MEDIUM The Photon operating system must set the FAIL_DELAY parameter. Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.
    SV-239148r675252_rule PHTN-67-000077 CCI-000366 MEDIUM The Photon operating system must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. Limiting the number of logon attempts over a certain time interval reduces the chances that an unauthorized user may gain access to an account.
    SV-239149r675255_rule PHTN-67-000078 CCI-000366 MEDIUM The Photon operating system must ensure audit events are flushed to disk at proper intervals. Without setting a balance between performance and ensuring all audit events are written to disk, performance of the system may suffer or the risk of missing audit entries may be too high.
    SV-239150r675258_rule PHTN-67-000079 CCI-000366 MEDIUM The Photon operating system must ensure root $PATH entries are appropriate. The $PATH variable contains a semicolon-delimited set of directories that allows root to not specify the full path for a limited set of binaries. Having unexpected directories in $PATH can lead to root running a binary other than the one intended.
    SV-239151r675261_rule PHTN-67-000080 CCI-000366 MEDIUM The Photon operating system must create a home directory for all new local interactive user accounts. If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.
    SV-239152r675264_rule PHTN-67-000081 CCI-000366 MEDIUM The Photon operating system must disable the debug-shell service. The debug-shell service is intended to diagnose system-related boot issues with various systemctl commands. Once enabled and following a system reboot, the root shell will be available on tty9. This service must remain disabled until and unless otherwise
    SV-239153r675267_rule PHTN-67-000082 CCI-000366 MEDIUM The Photon operating system must configure a secure umask for all shells. A user's umask influences the permissions assigned to files that a user creates. Setting an appropriate umask is important to make sure that information is not exposed to unprivileged users.
    SV-239154r675270_rule PHTN-67-000083 CCI-000366 MEDIUM The Photon operating system must configure sshd to disallow Generic Security Service Application Program Interface (GSSAPI) authentication. GSSAPI authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through SSH exposes the system’s GSSAPI to remote hosts, increasing the attack surface of the system.
    SV-239155r675273_rule PHTN-67-000084 CCI-000366 MEDIUM The Photon operating system must configure sshd to disable environment processing. Enabling environment processing may enable users to bypass access restrictions in some configurations and must therefore be disabled.
    SV-239156r675276_rule PHTN-67-000085 CCI-000366 MEDIUM The Photon operating system must configure sshd to disable X11 forwarding. X11 is an older, insecure graphics forwarding protocol. It is not used by Photon and should be disabled as a general best practice to limit attack surface area and communication channels.
    SV-239157r675279_rule PHTN-67-000086 CCI-000366 MEDIUM The Photon operating system must configure sshd to perform strict mode checking of home directory configuration files. If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as another user.
    SV-239158r675282_rule PHTN-67-000087 CCI-000366 MEDIUM The Photon operating system must configure sshd to disallow Kerberos authentication. If Kerberos is enabled through SSH, sshd provides a means of access to the system's Kerberos implementation. Vulnerabilities in the system's Kerberos implementation may then be subject to exploitation. To reduce the attack surface of the system, the Kerbe
    SV-239159r675285_rule PHTN-67-000088 CCI-000366 MEDIUM The Photon operating system must configure sshd to use privilege separation. Privilege separation in sshd causes the process to drop root privileges when not needed, which would decrease the impact of software vulnerabilities in the unprivileged section.
    SV-239160r675288_rule PHTN-67-000089 CCI-000366 MEDIUM The Photon operating system must configure sshd to disallow authentication with an empty password. Blank passwords are one of the first things an attacker checks for when probing a system. Even if the user somehow has a blank password on the OS, sshd must not allow that user to log in.
    SV-239161r675291_rule PHTN-67-000090 CCI-000366 MEDIUM The Photon operating system must configure sshd to disallow compression of the encrypted session stream. If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection.
    SV-239162r675294_rule PHTN-67-000091 CCI-000366 MEDIUM The Photon operating system must configure sshd to display the last login immediately after authentication. Providing users with feedback on the last time they logged on via SSH facilitates user recognition and reporting of unauthorized account use.
    SV-239163r675297_rule PHTN-67-000092 CCI-000366 MEDIUM The Photon operating system must configure sshd to ignore user-specific trusted hosts lists. SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled. Individual users can have a local list of trusted remote machines, which must also be ignored while disabling host-based authenticatio
    SV-239164r675300_rule PHTN-67-000093 CCI-000366 MEDIUM The Photon operating system must configure sshd to ignore user-specific known_host files. SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled. Individual users can have a local list of trusted remote machines which must also be ignored while disabling host-based authentication
    SV-239165r675303_rule PHTN-67-000094 CCI-000366 MEDIUM The Photon operating system must configure sshd to limit the number of allowed login attempts per connection. By setting the login attempt limit to a low value, an attacker will be forced to reconnect frequently, which severely limits the speed and effectiveness of brute-force attacks.
    SV-239166r675306_rule PHTN-67-000095 CCI-000366 MEDIUM The Photon operating system must be configured so that the x86 Ctrl-Alt-Delete key sequence is disabled on the command line. When the Ctrl-Alt-Del target is enabled, a locally logged-on user who presses Ctrl-Alt-Delete, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-te
    SV-239167r675309_rule PHTN-67-000096 CCI-000366 MEDIUM The Photon operating system must be configured so that the /etc/skel default scripts are protected from unauthorized modification. If the skeleton files are not protected, unauthorized personnel could change user startup parameters and possibly jeopardize user files.
    SV-239168r675312_rule PHTN-67-000097 CCI-000366 MEDIUM The Photon operating system must be configured so that the /root path is protected from unauthorized access. If the /root path is accessible to users other than root, unauthorized users could change the root partition's files.
    SV-239169r675315_rule PHTN-67-000098 CCI-000366 MEDIUM The Photon operating system must be configured so that all global initialization scripts are protected from unauthorized modification. Local initialization files are used to configure the user's shell environment upon login. Malicious modification of these files could compromise accounts upon login.
    SV-239170r675318_rule PHTN-67-000099 CCI-000366 MEDIUM The Photon operating system must be configured so that all system startup scripts are protected from unauthorized modification. If system startup scripts are accessible to unauthorized modification, this could compromise the system on startup.
    SV-239171r675321_rule PHTN-67-000100 CCI-000366 MEDIUM The Photon operating system must be configured so that all files have a valid owner and group owner. If files do not have valid user and group owners, unintended access to files could occur.
    SV-239172r675324_rule PHTN-67-000101 CCI-000366 MEDIUM The Photon operating system must be configured so that the /etc/cron.allow file is protected from unauthorized modification. If cron files and folders are accessible to unauthorized users, malicious jobs may be created.
    SV-239173r675327_rule PHTN-67-000102 CCI-000366 MEDIUM The Photon operating system must be configured so that all cron jobs are protected from unauthorized modification. If cron files and folders are accessible to unauthorized users, malicious jobs may be created.
    SV-239174r675330_rule PHTN-67-000103 CCI-000366 MEDIUM The Photon operating system must be configured so that all cron paths are protected from unauthorized modification. If cron files and folders are accessible to unauthorized users, malicious jobs may be created.
    SV-239175r675333_rule PHTN-67-000104 CCI-000366 MEDIUM The Photon operating system must not forward IPv4 or IPv6 source-routed packets. Source routing is an Internet Protocol (IP) mechanism that allows an IP packet to carry information, a list of addresses, which tells a router the path the packet must take. There is also an option to record the hops as the route is traversed. The list
    SV-239176r675336_rule PHTN-67-000105 CCI-000366 MEDIUM The Photon operating system must not respond to IPv4 Internet Control Message Protocol (ICMP) echoes sent to a broadcast address. Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.
    SV-239177r675339_rule PHTN-67-000106 CCI-000366 MEDIUM The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted. ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-mi
    SV-239178r675342_rule PHTN-67-000107 CCI-000366 MEDIUM The Photon operating system must prevent IPv4 Internet Control Message Protocol (ICMP) secure redirect messages from being accepted. ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-mi
    SV-239179r675345_rule PHTN-67-000108 CCI-000366 MEDIUM The Photon operating system must not send IPv4 Internet Control Message Protocol (ICMP) redirects. ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
    SV-239180r675348_rule PHTN-67-000109 CCI-000366 MEDIUM The Photon operating system must log IPv4 packets with impossible addresses. The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
    SV-239181r675351_rule PHTN-67-000110 CCI-000366 MEDIUM The Photon operating system must use a reverse-path filter for IPv4 network traffic. Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface they were received on. It should not be used on systems that are routers for complicated networks but is helpful for end hos
    SV-239182r675354_rule PHTN-67-000111 CCI-000366 MEDIUM The Photon operating system must not perform multicast packet forwarding. Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
    SV-239183r675357_rule PHTN-67-000112 CCI-000366 MEDIUM The Photon operating system must not perform IPv4 packet forwarding. Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
    SV-239184r675360_rule PHTN-67-000113 CCI-000366 MEDIUM The Photon operating system must send TCP timestamps. TCP timestamps are used to provide protection against wrapped sequence numbers. It is possible to calculate system uptime (and boot time) by analyzing TCP timestamps. These calculated uptimes can help a bad actor in determining likely patch levels for vul
    SV-239185r675363_rule PHTN-67-000114 CCI-000366 MEDIUM The Photon OS must not have the xinetd service enabled. The xinetd service is not required for normal appliance operation and must be disabled.
    SV-239186r675366_rule PHTN-67-000115 CCI-000366 MEDIUM The Photon operating system must be configured to protect the SSH public host key from unauthorized modification. If a public host key file is modified by an unauthorized user, the SSH service may be compromised.
    SV-239187r675369_rule PHTN-67-000116 CCI-000366 MEDIUM The Photon operating system must be configured to protect the SSH private host key from unauthorized access. If an unauthorized user obtains the private SSH host key file, the host could be impersonated.
    SV-239188r675372_rule PHTN-67-000117 CCI-000366 MEDIUM The Photon operating system must enforce password complexity on the root account. Password complexity rules must apply to all accounts on the system, including root. Without specifying the enforce_for_root flag, pam_cracklib does not apply complexity rules to the root user. While root users can find ways around this requirement, given
    SV-239189r675375_rule PHTN-67-000118 CCI-000366 MEDIUM The Photon operating system must protect all boot configuration files from unauthorized access. Boot configuration files control how the system boots, including single-user mode, auditing, log levels, etc. Improper or malicious configurations can negatively affect system security and availability.
    SV-239190r675378_rule PHTN-67-000119 CCI-000366 MEDIUM The Photon operating system must protect sshd configuration from unauthorized access. The sshd_config file contains all the configuration items for sshd. Incorrect or malicious configuration of sshd can allow unauthorized access to the system, insecure communication, limited forensic trail, etc.
    SV-239191r675381_rule PHTN-67-000120 CCI-000366 MEDIUM The Photon operating system must protect all sysctl configuration files from unauthorized access. The sysctl configuration file specifies values for kernel parameters to be set on boot. Incorrect or malicious configuration of these parameters can have a negative effect on system security.
    SV-239192r675384_rule PHTN-67-000121 CCI-000366 MEDIUM The Photon operating system must ship vCenter SSO logs via rsyslog. Information stored in one location is vulnerable to accidental or incidental deletion or alteration. Proper configuration of rsyslog ensures that information critical to forensic analysis of security events is available for future action without any manua
    SV-239193r675387_rule PHTN-67-000122 CCI-000366 MEDIUM The Photon operating system must set the UMASK parameter correctly. The umask value influences the permissions assigned to files when they are created. The umask setting in login.defs controls the permissions for a new user's home directory. By setting the proper umask, home directories will only allow the new user to rea
    SV-239194r675390_rule PHTN-67-000123 CCI-000366 MEDIUM The Photon operating system must configure sshd to disallow HostbasedAuthentication. SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled.
    SV-239195r675393_rule PHTN-67-000124 CCI-000213 MEDIUM The Photon operating system must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies. If the system does not require authentication before it boots into single-user mode, anyone with vCenter console rights to the VCSA can trivially access all files on the system. GRUB2 is the boot loader for Photon OS and can be configured to require a pas