Please provide your feedback in this short Flings' survey.
Aug 14, 2021

In the new 6.5 STIGs the ciphers required (ESXI-65-000010) are listed as aes256-ctr,aes192-ctr,aes128-ctr. When running the check on a ESXi Host with the STIG vib installed the results returned are aes128-ctr,aes192-ctr,aes256-ctr. Is this a Vib issue or does the STIG wording need to be changed?

Aug 18, 2021

No technical issue. The wording was updated it seems in order of strongest to weakest cipher but either order is fine.

Aug 03, 2021

Is there a way to see the info in the VIB? We would like to add things to the VIB that would be specific to us, so we wouldnt have to follow up with another powercli script etc after.

Aug 10, 2021

Joe it's not possible to alter the VIB because it is signed which would break that. It is possible to create your own custom VIB but it would not be officially signed and usable through VUM/VLCM.

Jul 29, 2021

Sorry if this has been addressed - is there a list (or way to check) that shows all the settings this VIB touches?

Jul 29, 2021

I did phrase that well. Is there a list of 6.7 STIG IDs that the VIB remediates?

Aug 10, 2021

No the documentation hasn't been updated with STIG IDs since the 6.7 STIG came out but it is all controls relating to the /etc/ssh/sshd_config, /etc/pam.d/passwd, and /etc/vmware/welcome files.

Aug 10, 2021

Actually /etc/pam.d/passwd it not part of the latest 6.7 VIB sorry about that.

Jul 28, 2021

Thanks for all the work on the VIBs.. However some of the settings inside the VIB I have to undo so I can support other cyber functions in the tactical space, is there any way to update the VIB? Should I just edit our custom ISO vsphere install and just copy contents out to apply during install? Should I just deploy the VIB and have systems undo the STIGs needed for their systems and document?

Aug 10, 2021

Hi pacificeve,

Please reach out to stigs@vmware.com so we can discuss your scenario and see what we can do to help.