DoD Security Technical Implementation Guide(STIG) ESXi VIB
This VIB has been developed to help customers rapidly implement the more challenging aspects of the vSphere STIG. These include the fact that installation is time consuming and must be done manually on the ESXi hosts. In certain cases, it may require complex scripting, or even development of an in-house VIB that would not be officially digitally signed by VMware (and therefore would not be deployed as a normal patch would).
Absolutely love the ability to add a custom banner! For someone building systems subject to the DOD STIG hardening but required to have a custom welcome message, this is huge!
I still need to run PS scripts to apply the last few settings and to generate hardening reports, but this simplifies the hardening process (and maintenance) so much and being able to use a VMware signed VIB adds a bit of credibility on top =) <3 <3
I'm able to install the esxi vib w/ root enabled for 7.0 and it shows installed when I run 'esxcli software vib list | more' However, I don't see any STIG changes on the Host. It doesn't look like it's being enforced. No DOD welcome message is displayed on SSH or the Console. I didn't notice any changes to items STIG hardening should touch. What am I missing?
Hi the 7.0 VIB no longer updates the banners since they are able to be set via advanced settings. See the pdf included with the download for more details.
Has anyone been able to successfully edit the Annotations.WelcomeMessage and make the DCUI look good without using the STIG VIB? With new builds at 7.0.3 we no longer need to install the VIB so I tried to copy the /etc/vmware/welcome file but since 7.0U2 files under /etc either no longer exist, or changes to them do not persist a reboot.
SSH does not even start as seen in auth.log due to the default environment in the SSHD_Config in the fling, can no longer SSH to manage it. Cannot edit file at all, cannot chmod cannot do anything outside of possible booting up an ubuntu dvd, mounting the file system and modifying it outside esxi - which I am not going to do.
Tim see the comments here: https://flings.vmware.com/dod-security-technical-implementation-guide-stig-esxi-vib/bugs/1387