ESXI-67-000023 – The ESXi host SSH daemon must be configured to not allow X11 forwarding.

Details

X11 forwarding over SSH allows for the secure remote execution of X11-based applications. This feature can increase the attack surface of an SSH connection.

Solution

From an SSH session connected to the ESXi host, or from the ESXi shell, add or correct the following line in ‘/etc/ssh/sshd_config’:

X11Forwarding no

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-7_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system Unix.

References

800-53|CM-6b.
CAT|II
CCI|CCI-000366
CSCv6|3.1
Rule-ID|SV-239278r674763_rule
STIG-ID|ESXI-67-000023
STIG-Legacy|SV-104079
STIG-Legacy|V-93993
Vuln-ID|V-239278

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles