STIGQter: STIG Summary: VMware vSphere 6.7 ESXi Security Technical Implementation Guide, Version 1, Release 1, Benchmark Date: 09 Mar 2021

The ESXi host must verify the exception users list for Lockdown Mode.

DISA Rule

SV-239260r674709_rule

Vulnerability Number

V-239260

Group Title

SRG-OS-000480-VMM-002000

Rule Version

ESXI-67-000003

Severity

CAT III

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Client, select the ESXi host and go to Configure >> System >> Security Profile.

Under "Lockdown Mode", click "Edit" and remove unnecessary users from the exceptions list.

Check Contents

For environments that do not use vCenter server to manage ESXi, this is Not Applicable.

From the vSphere Client, select the ESXi host and go to Configure >> System >> Security Profile.

Under Lockdown Mode, review the Exception Users list.

or

From a PowerCLI command prompt while connected to the ESXi host, run the following script:

$vmhost = Get-VMHost | Get-View
$lockdown = Get-View $vmhost.ConfigManager.HostAccessManager
$lockdown.QueryLockdownExceptions()

If the Exception Users list contains accounts that do not require special permissions, this is a finding.

Note: This list is not intended for system administrator accounts but for special circumstances such as a service account.
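The STIG check above only lists the exception users for the single host the session is connected to; deciding whether each entry "requires special permissions" is left to the reviewer. The following PowerCLI script is an added example, not part of the DISA check text, that turns the same QueryLockdownExceptions() call into an audit across every host visible to the current vCenter connection and flags any entry that is not on a site-documented approved list. It assumes Connect-VIServer has already been run and that the $ApprovedExceptions list (a constructed placeholder here) is maintained by the site; the LockdownMode property and ExtensionData path are standard vSphere API members.

```powershell
# Added example (not from the STIG): audit Lockdown Mode exception users on all hosts
# against a documented list of approved service accounts.
# Assumption: Connect-VIServer to vCenter has already succeeded in this session.

# Constructed placeholder: replace with the accounts your site has documented as
# requiring Lockdown Mode exceptions (service accounts, not administrator accounts).
$ApprovedExceptions = @('svc-backup-placeholder')

$report = foreach ($vmhost in Get-VMHost) {
    # Same object the STIG check uses: the host's HostAccessManager managed object.
    $ham = Get-View $vmhost.ExtensionData.ConfigManager.HostAccessManager

    # QueryLockdownExceptions() returns the exception user names as string[]
    # (empty when no exceptions are configured); @() keeps it an array either way.
    $exceptions = @($ham.QueryLockdownExceptions())

    # Anything not on the approved list is a finding under ESXI-67-000003.
    $unapproved = @($exceptions | Where-Object { $ApprovedExceptions -notcontains $_ })

    [pscustomobject]@{
        Host         = $vmhost.Name
        LockdownMode = $ham.LockdownMode          # lockdownDisabled / lockdownNormal / lockdownStrict
        Exceptions   = ($exceptions -join ', ')
        Unapproved   = ($unapproved -join ', ')
        Finding      = ($unapproved.Count -gt 0)
    }
}

# Show findings first so they are easy to spot in a large environment.
$report | Sort-Object -Property Finding -Descending | Format-Table -AutoSize
```

Hosts that report Finding = True should have the unapproved entries removed as described under Fix Recommendation; the equivalent API call is the HostAccessManager's UpdateLockdownExceptions() method, which replaces the whole list, so pass it the remaining approved entries rather than an empty array. Hosts managed outside vCenter are out of scope for this rule and will simply not appear in the Get-VMHost output.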

Vulnerability Number

V-239260

Documentable

False

Rule Version

ESXI-67-000003

Severity Override Guidance


Check Content Reference

M

Target Key

5326

Comments