The ESXi host OpenSLP service must be disabled.

An XCCDF Rule

Description

<VulnDiscussion>OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce attack surface area and following the minimum functionality principal, the OpenSLP service must be disabled unless explicitly needed and approved. Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID: SV-258786r933419_rule
Severity: Medium
References: CCI-000366
Updated: 17 days ago

From the vSphere Client go to Hosts and Clusters.

Select the ESXi Host >> Configure >> System >> Services.

Under "Services" select the "slpd" service and click the "Stop" button.
Click "Edit Startup policy..." and select the "Start and stop manually" radio button. Click "OK".

or

From a PowerCLI command prompt while connected to the ESXi host, run the following commands:

Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Set-VMHostService -Policy Off
Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Stop-VMHostService

The ESXi host OpenSLP service must be disabled.

Description

Remediation - Manual Procedure