Details

After someone has logged in to the vCenter Server system, it becomes more difficult to prevent what they can do. In general, logging in to the vCenter Server system should be limited to very privileged administrators, and then only for the purpose of administering vCenter Server or the host OS. Anyone logged in to the vCenter Server can potentially cause harm, either intentionally or unintentionally, by altering settings and modifying processes. They also have potential access to vCenter credentials, such as the SSL certificate.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Remove all unnecessary users and/or groups from the local administrators group of the vCenter server.

Supportive Information

The following resource is also helpful.

• https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_vSphere_6-5_Y21M10_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management.This control applies to the following type of system VMware.

References

• 800-53|CM-6b.
• CAT|I
• CCI|CCI-000366
• Rule-ID|SV-216849r612237_rule
• STIG-ID|VCWN-65-000027
• STIG-Legacy|SV-104593
• STIG-Legacy|V-94763
• Vuln-ID|V-216849

Source

• Tenable.com/audits