STIGQter: STIG Summary: VMW vSphere 6.5 vCenter Server for Windows Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 22 Jan 2021

The vCenter Server for Windows must configure the vSAN Datastore name to a unique name.

DISA Rule

SV-216874r612237_rule

Vulnerability Number

V-216874

Group Title

SRG-APP-000516

Rule Version

VCWN-65-000055

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

From the vSphere Web Client go to Host and Clusters >> Select a vSAN Enabled Cluster >> Datastores. Right-click on the datastore named "vsanDatastore" and select "Rename". Rename the datastore based on operational naming standards.

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:
# Rename every vSAN datastore to "<cluster name>_vSAN_Datastore"
If($(Get-Cluster | where {$_.VsanEnabled} | Measure).Count -gt 0){
    Write-Host "vSAN Enabled Cluster found"
    $Clusters = Get-Cluster | where {$_.VsanEnabled}
    Foreach ($clus in $clusters){
        # Only datastores of type "vsan" are renamed; other datastores are left alone
        $clus | Get-Datastore | where {$_.type -match "vsan"} | Set-Datastore -Name $(($clus.name) + "_vSAN_Datastore")
    }
}
else{
    Write-Host "vSAN is not enabled, this finding is not applicable"
}

Check Contents

If no clusters are enabled for vSAN, this is not applicable.

From the vSphere Web Client go to Host and Clusters >> Select a vSAN Enabled Cluster >> Datastores. Review the datastores.

Identify any datastores with "vsan" as the datastore type.

or

From a PowerCLI command prompt while connected to the vCenter server run the following command:
# List the vSAN-type datastores of every vSAN-enabled cluster for review
If($(Get-Cluster | where {$_.VsanEnabled} | Measure).Count -gt 0){
    Write-Host "vSAN Enabled Cluster found"
    Get-Cluster | where {$_.VsanEnabled} | Get-Datastore | where {$_.type -match "vsan"}
}
else{
    Write-Host "vSAN is not enabled, this finding is not applicable"
}

If vSAN is Enabled and the datastore is named "vsanDatastore", this is a finding.
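
The check command above only lists the vSAN datastores and leaves the finding decision to the reviewer. The following added example (not part of the STIG text or of VMware's tooling) turns that decision into a per-datastore result. The function name Test-VsanDatastoreName, the Cluster property on the input objects, the status labels and the sample inventory are assumptions made for illustration.

```powershell
# Added example: classify vSAN datastores against VCWN-65-000055.
# Input objects only need Cluster, Name and Type properties, so the logic can be
# exercised offline with constructed data before pointing it at a vCenter.
function Test-VsanDatastoreName {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Datastore
    )
    process {
        # Only datastores of type "vsan" are in scope for this rule
        if ($Datastore.Type -notmatch 'vsan') { return }

        # -eq on strings is case-insensitive, so case variants of the default
        # name are flagged as well (an assumption; the STIG names "vsanDatastore")
        $isDefault = $Datastore.Name -eq 'vsanDatastore'

        [pscustomobject]@{
            Rule      = 'VCWN-65-000055'
            Cluster   = $Datastore.Cluster
            Datastore = $Datastore.Name
            Status    = if ($isDefault) { 'Open' } else { 'NotAFinding' }
        }
    }
}

# Constructed sample inventory (not from a real environment)
$sample = @(
    [pscustomobject]@{ Cluster = 'Prod-A'; Name = 'vsanDatastore';         Type = 'vsan' }
    [pscustomobject]@{ Cluster = 'Prod-B'; Name = 'Prod-B_vSAN_Datastore'; Type = 'vsan' }
    [pscustomobject]@{ Cluster = 'Prod-B'; Name = 'nfs-iso';               Type = 'NFS'  }
)

$results = @($sample | Test-VsanDatastoreName)
if ($results.Count -eq 0) {
    Write-Host "vSAN is not enabled, this finding is not applicable"
}
else {
    $results | Format-Table -AutoSize
}

# Live usage (requires PowerCLI and an existing Connect-VIServer session):
# Get-Cluster | where {$_.VsanEnabled} | ForEach-Object {
#     $c = $_.Name
#     $_ | Get-Datastore | Select-Object @{n='Cluster';e={$c}}, Name, Type
# } | Test-VsanDatastoreName
```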

Documentable

False

Check Content Reference

M

Target Key

4030
