Skip to content

VMware vSphere 8.0 vCenter Appliance Photon OS 4.0 Security Technical Implementation Guide

Rules, Groups, and Values defined within the XCCDF Benchmark

  • The Photon operating system must configure Secure Shell (SSH) to ignore user-specific known_host files.

    <VulnDiscussion>SSH trust relationships enable trivial lateral spread after a host compromise and therefore must be explicitly disabled. Indi...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must configure Secure Shell (SSH) to limit the number of allowed login attempts per connection.

    &lt;VulnDiscussion&gt;By setting the login attempt limit to a low value, an attacker will be forced to reconnect frequently, which severely limits ...
    Rule Medium Severity
  • SRG-OS-000480-GPOS-00227

    <GroupDescription></GroupDescription>
    Group
  • The Photon operating system must configure Secure Shell (SSH) to restrict AllowTcpForwarding.

    &lt;VulnDiscussion&gt;While enabling TCP tunnels is a valuable function of sshd, this feature is not appropriate for use on single purpose applianc...
    Rule Medium Severity

The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.

Capacity
Modules