VMware vSphere 8.0 ESXi Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The ESXi Common Information Model (CIM) service must be disabled.

    The CIM system provides an interface that enables hardware-level management from remote applications via a set of standard application programming interfaces (APIs). These APIs are consumed by exte...
    Rule Medium Severity
  • The ESXi host OpenSLP service must be disabled.

    OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce ...
    Rule Medium Severity
  • The ESXi host must enable audit logging.

    ESXi offers both local and remote audit recordkeeping to meet the requirements of the NIAP Virtualization Protection Profile and Server Virtualization Extended Package. Local records are stored on ...
    Rule Medium Severity
  • The ESXi host must not be configured to override virtual machine (VM) logger settings.

    Each VM on an ESXi host runs in its own "vmx" process. Upon creation, a vmx process will look in two locations for configuration items, the ESXi host itself and the per-vm *.vmx file in the VM stor...
    Rule Medium Severity
  • The ESXi host must configure a persistent log location for all locally stored logs.

    ESXi can be configured to store log files on an in-memory file system. This occurs when the host's "/scratch" directory is linked to "/tmp/scratch". When this is done, only a single day's worth of ...
    Rule Medium Severity
  • The ESXi host must use sufficient entropy for cryptographic operations.

    Starting in vSphere 8.0, the ESXi Entropy implementation supports the FIPS 140-3 and EAL4 certifications. Kernel boot options control which entropy sources to activate on an ESXi host. In computin...
    Rule Medium Severity
