No technical issue. The wording was updated it seems in order of strongest to weakest cipher but either order is fine.
Is there a way to see the info in the VIB? We would like to add things to the VIB that would be specific to us, so we wouldnt have to follow up with another powercli script etc after.
Joe it's not possible to alter the VIB because it is signed which would break that. It is possible to create your own custom VIB but it would not be officially signed and usable through VUM/VLCM.
Sorry if this has been addressed - is there a list (or way to check) that shows all the settings this VIB touches?
No the documentation hasn't been updated with STIG IDs since the 6.7 STIG came out but it is all controls relating to the /etc/ssh/sshd_config, /etc/pam.d/passwd, and /etc/vmware/welcome files.
Thanks for all the work on the VIBs.. However some of the settings inside the VIB I have to undo so I can support other cyber functions in the tactical space, is there any way to update the VIB? Should I just edit our custom ISO vsphere install and just copy contents out to apply during install? Should I just deploy the VIB and have systems undo the STIGs needed for their systems and document?
Hi pacificeve,
Please reach out to stigs@vmware.com so we can discuss your scenario and see what we can do to help.
In the new 6.5 STIGs the ciphers required (ESXI-65-000010) are listed as aes256-ctr,aes192-ctr,aes128-ctr. When running the check on a ESXi Host with the STIG vib installed the results returned are aes128-ctr,aes192-ctr,aes256-ctr. Is this a Vib issue or does the STIG wording need to be changed?