Skip to content
Log In

VMware vSphere 7.0 VAMI Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • SRG-APP-000516-WSR-000174

    Group
    Show

  • SRG-APP-000266-WSR-000159

    Group
    Show

  • VAMI must be configured to hide the server type and version in client responses.

    Web servers will often display error messages to client users, displaying enough information to aid in the debugging of the error. The information given back in error messages may display the web s...
    Rule Medium Severity
    Show

  • SRG-APP-000179-WSR-000111

    Group
    Show

  • VAMI must enable FIPS mode.

    Encryption is only as good as the encryption modules used. Unapproved cryptographic module algorithms cannot be verified and cannot be relied on to provide confidentiality or integrity, and DOD dat...
    Rule High Severity
    Show

  • VAMI must limit the number of simultaneous requests.

    Denial of service (DoS) is one threat against web servers. Many DoS attacks attempt to consume web server resources in such a way that no more resources are available to satisfy legitimate requests...
    Rule Medium Severity
    Show

  • VAMI must generate log records for system startup and shutdown.

    Logging must be started as soon as possible when a service starts and when a service is stopped. Many forms of suspicious actions can be detected by analyzing logs for unexpected service starts and...
    Rule Medium Severity
    Show

  • VAMI must produce log records containing sufficient information to establish what type of events occurred.

    After a security incident has occurred, investigators will often review log files to determine what happened. Understanding what type of event occurred is critical for investigation of a suspicious...
    Rule Medium Severity
    Show

  • The rsyslog must be configured to monitor VAMI logs.

    For performance reasons, rsyslog file monitoring is preferred over configuring VAMI to send events to a syslog facility. Without ensuring that logs are created, rsyslog configs are created, and tho...
    Rule Medium Severity
    Show

  • VAMI must have Multipurpose Internet Mail Extensions (MIME) that invoke operating system shell programs disabled.

    Controlling what a user of a hosted application can access is part of the security posture of the web server. Any time a user can access more functionality than is needed for the operation of the h...
    Rule Medium Severity
    Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules