VMware vSphere 8.0 vCenter Appliance Envoy Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

SRG-APP-000118-WSR-000068

Group

Show

The vCenter Envoy and Rhttpproxy service log files permissions must be set correctly.

Log data is essential in the investigation of events. If log data were to become compromised, then competent forensic analysis and discovery of the true source of potentially malicious system activ...

Rule Medium Severity

Show

SRG-APP-000176-WSR-000096

Group

Show

The vCenter Envoy service private key file must be protected from unauthorized access.

Envoy's private key is used to prove the identity of the server to clients and securely exchange the shared secret key used to encrypt communications between the web server and clients. By gainin...

Rule Medium Severity

Show

SRG-APP-000358-WSR-000063

Group

Show

SRG-APP-000358-WSR-000063

Group

Show

The vCenter Envoy service log files must be sent to a central log server.

Writing events to a centralized management audit system offers many benefits to the enterprise over having dispersed logs. Centralized management of audit records and logs provides for efficiency i...

Rule Medium Severity

Show

SRG-APP-000001-WSR-000001

Group

Show

The vCenter Rhttpproxy service log files must be sent to a central log server.

Rule Medium Severity

Show

The vCenter Envoy service must set a limit on remote connections.

Envoy client connections must be limited to preserve system resources and continue servicing connections without interruption. Without a limit set, the system would be vulnerable to a trivial denia...

Rule Medium Severity

Show

Node 2

siemur/test-space

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity

Modules