SV-207604r388482_rule
V-207604
SRG-OS-000480-VMM-002000
ESXI-65-000003
CAT III
10
From the vSphere Web Client, select the ESXi Host and go to Configure >> System >> Security Profile. Under lockdown mode, click Edit and remove unnecessary users from the exceptions list.
From the vSphere Web Client, select the ESXi Host and go to Configure >> System >> Security Profile. Under lockdown mode, review the exception users list.
or
From a PowerCLI command prompt while connected to the ESXi host run the following script:
$vmhost = Get-VMHost | Get-View
$lockdown = Get-View $vmhost.ConfigManager.HostAccessManager
$lockdown.QueryLockdownExceptions()
If the Exception users list contains accounts that do not require special permissions, this is a finding.
Note: This list is not intended for system administrator accounts but for special circumstances such as a service account.
For environments that do not use vCenter Server to manage ESXi, this is not applicable.
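The check above, extended into a repeatable audit that compares each host's exception list with a documented allow list. This is an added example, not part of the STIG text; `$ApprovedExceptions`, its placeholder account name and the function `Get-UnapprovedException` are assumptions to replace with site values.

```powershell
# Added example. $ApprovedExceptions is a hypothetical, site-maintained list of
# service accounts that are documented as needing a lockdown mode exception.
$ApprovedExceptions = @('svc-monitoring-placeholder')

function Get-UnapprovedException {
    param(
        [string[]]$Current,    # users returned by QueryLockdownExceptions()
        [string[]]$Approved    # documented exception accounts
    )
    # An empty exception list can arrive as $null or ''; skip those entries.
    foreach ($user in @($Current | Where-Object { $_ })) {
        $name = $user.Trim()
        # -notcontains compares strings case-insensitively in PowerShell.
        if ($Approved -notcontains $name) { $name }
    }
}

# Get-VMHost returns every host in the current connection, so loop over them.
foreach ($vmhost in (Get-VMHost | Get-View)) {
    $lockdown = Get-View $vmhost.ConfigManager.HostAccessManager
    $current  = @($lockdown.QueryLockdownExceptions())
    $extra    = @(Get-UnapprovedException -Current $current -Approved $ApprovedExceptions)

    # One row per host; Finding is $true when an undocumented account is present.
    [pscustomobject]@{
        Host           = $vmhost.Name
        LockdownMode   = $lockdown.LockdownMode
        ExceptionUsers = ($current | Where-Object { $_ }) -join ', '
        Unapproved     = $extra -join ', '
        Finding        = ($extra.Count -gt 0)
    }
}
```

A row with `Finding` set to `$true` still needs manual review: the script only flags accounts missing from the allow list, it cannot decide whether an account requires special permissions.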
False
M
2925