Hi,
**EDIT: I figured out that it was enabling the console Shell after every reboot. I have no idea why it is doing this. Seems strange (new to this though)
Last week and periodically, I have multiple enabling, disabling of the ESXi shell on my box's log. I am new to this but currently have about 4 VMs on it and loaded the DOD security STIG, which I don't think is really relevant but maybe I'm wrong.
Anyways, any reason why I would see activity in my log like this? I have not done much at all on it lately yet last Tuesday I see it enabling/disabling the shell about three times. Weeks prior to that there is similar activity. No commands except that which makes me think perhaps someone was attempting to hack it but wasn't successful or maybe they deleted their actions from the log somehow? I went into the log because twice the shell was enabled in the web interface and I didnt remember opening the shell. Haven't done any work like that in a few months. Thank You
thats bit strange. a reboot should not enable shell access.
Are you following the below steps to enable / disable shell access?
Use the Direct Console User Interface (DCUI) to Enable Access to the ESXi Shell
Have you looked in logs ?
/var/log/shell.log
: ESXi Shell usage logs, including enable/disable and every command entered. For more information, see vSphere 5.5 Command-Line Documentation and Auditing ESXi Shell logins and commands in ESXi 5.x (2004810).
Do you have anything in your host profile configured? ESXi Shell is disabled by default OOB.