VMware Cloud Community
LDnB__CA
Contributor
Contributor
‎07-02-2017 11:39 PM

Unknown Enabling and Disabling of ESXi Shell in Log v6.0u3

Hi,

**EDIT: I figured out that it was enabling the console Shell after every reboot. I have no idea why it is doing this. Seems strange (new to this though)

Last week and periodically, I have multiple enabling, disabling of the ESXi shell on my box's log. I am new to this but currently have about 4 VMs on it and loaded the DOD security STIG, which I don't think is really relevant but maybe I'm wrong.

Anyways, any reason why I would see activity in my log like this? I have not done much at all on it lately yet last  Tuesday I see it enabling/disabling the shell about three times. Weeks prior to that there is similar activity.  No commands except that which makes me think perhaps someone was attempting to hack it but wasn't successful or maybe they deleted their actions from the log somehow? I went into the log because twice the shell was enabled in the web interface and I didnt remember opening the shell. Haven't done any work like that in a few months. Thank You

Tags (3)
0 Kudos
3 Replies
Sreejesh_D
Virtuoso
Virtuoso
‎07-03-2017 01:22 AM

thats bit strange. a reboot should not enable shell access.

Are you following the below steps to enable / disable shell access?

Use the Direct Console User Interface (DCUI) to Enable Access to the ESXi Shell

0 Kudos
vijayrana968
Virtuoso
Virtuoso
‎07-03-2017 01:28 AM

Have you looked in logs ?

/var/log/shell.log: ESXi Shell usage logs, including enable/disable and every command entered. For more information, see vSphere 5.5 Command-Line Documentation and Auditing ESXi Shell logins and commands in ESXi 5.x (2004810).

theaaronstrong
Enthusiast
Enthusiast
‎07-04-2017 08:18 AM

Do you have anything in your host profile configured? ESXi Shell is disabled by default OOB.