VMware vSphere 7.0 ESXi Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
- The ESXi Common Information Model (CIM) service must be disabled.
  The CIM system provides an interface that enables hardware-level management from remote applications via a set of standard application programming interfaces (APIs). These APIs are consumed by exte...
  Rule Medium Severity
- SRG-OS-000478-VMM-001980
  Group
- Remote logging for ESXi hosts must be configured.
  Remote logging to a central log host provides a secure, centralized store for ESXi logs. By gathering host log files onto a central host, all hosts can be monitored more easily with a single tool. It...
  Rule Medium Severity
- The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions.
  OpenSSH on the ESXi host ships with a FIPS 140-2 validated cryptographic module that is enabled by default. For backward compatibility reasons, this can be disabled so this setting can be audited a...
  Rule Medium Severity
- The ESXi host Secure Shell (SSH) daemon must be configured to not allow gateway ports.
  SSH Transmission Control Protocol (TCP) connection forwarding provides a mechanism to establish TCP connections proxied by the SSH server. This function can provide convenience similar to a virtual...
  Rule Low Severity