STIGQter: STIG Summary: VMware ESXi Server 5.0 Security Technical Implementation Guide, Version: 1, Release: 10, Benchmark Date: 27 Jan 2017: The system must enable lockdown mode to restrict remote access.

DISA Rule

SV-51243r2_rule

Vulnerability Number

V-39385

Group Title

SRG-OS-000092

Rule Version

SRG-OS-000092-ESXI5

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

To enable Lockdown Mode on an ESXi host managed by a vCenter Server, log in directly to the ESXi host as root. Open the DCUI on the host. Press F2 for Initial Setup. Toggle the Configure Lockdown Mode setting and configure Lockdown Mode.

Check Contents

For ESXi hosts that are not managed by a vCenter Server, this check is not applicable.

From the vSphere client, select the host then select "Configuration >> Security Profile". Verify Lockdown Mode is enabled.

Alternatively, issue the following command via the CLI:
# vim-cmd vimsvc/auth/lockdown_is_enabled

If Lockdown Mode is not enabled (the command does not return "true"), this is a finding.

Documentable

False

Severity Override Guidance

For ESXi hosts that are not managed by a vCenter Server, this check is not applicable.

From the vSphere client, select the host then select "Configuration >> Security Profile". Verify Lockdown Mode is enabled.

Alternatively, issue the following command via the CLI:
# vim-cmd vimsvc/auth/lockdown_is_enabled

If Lockdown Mode is not enabled (the command does not return "true"), this is a finding.

Check Content Reference

M

Responsibility

System Administrator

Target Key

2370

Comments