Details
Configure VMware Tools to disable host info from being sent to guests.
*Rationale*
By enabling a VM to get detailed information about the physical host, an adversary could
potentially use this information to inform further attacks on the host. If set to TRUE, a VM
can obtain detailed information about the physical host. The default value for the
parameter is FALSE. This setting should not be TRUE unless a particular VM requires this
information for performance monitoring.
Solution
To implement the recommended configuration state, run the following PowerCLI
command-# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name ‘tools.guestlib.enableHostInfo’ -value $false
Impact-You cannot retrieve performance information about the host from inside the guest virtual
machine, there are times when this can be useful for troubleshooting.
Default Value-The prescribed state is the default state.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system VMware.