Ensure all but VGA mode on virtual machines is disabled

Details

Enable VGA Only mode for the Virtual Machine video card.

*Rationale*

Many Server-class virtual machines need only a standard VGA console (typically a Unix/Linux server or Windows Server Core system). Enabling this setting removes additional unnecessary graphics functionality beyond disabling 3D. This reduces the potential attack surface available for malicious attacks.

Solution

Check that the virtual machine advanced setting of 'svga.vgaonly' is set to TRUE.

To modify the advanced settings of a virtual machine using the vSphere Client:

1. Ensure that the virtual machine has been shut down and is powered off.
2. Right-click on the virtual machine.
3. Click Edit Settings… to open the Virtual Machine Properties window.
4. Click the Options tab.
5. From the list on the left, click Advanced > General.
6. On the Configuration Parameters frame on the right, click Configuration Parameters….
7. Click Add Row.
8. On the new row, click under the Name column and specify the configuration option name.
9. On the new row, click under the Value column and specify the configuration value.
10. Start the virtual machine for the settings to take effect.

Additionally, the following PowerCLI command may be used:

    # Add the setting to all VMs
    Get-VM | New-AdvancedSetting -Name 'svga.vgaOnly' -value $true
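
The check described at the top of this section can be scripted before any change is made. The following is an added example, not part of the benchmark text or the original article; it assumes an existing `Connect-VIServer` session, and the function name `Get-SvgaVgaOnlyCompliance` is hypothetical. It reports the current value per VM and, only when asked, sets the value on VMs that are already powered off, in line with step 1 of the procedure.

```powershell
# Added example, not part of the benchmark text. Assumes Connect-VIServer has been run.
function Get-SvgaVgaOnlyCompliance {   # hypothetical helper name
    param([switch]$Remediate)

    $name = 'svga.vgaOnly'
    $report = foreach ($vm in Get-VM) {
        # Returns nothing when the key is absent from the VM's configuration
        $setting = Get-AdvancedSetting -Entity $vm -Name $name
        $value   = if ($setting) { [string]$setting.Value } else { $null }
        [pscustomobject]@{
            VM         = $vm.Name
            PowerState = $vm.PowerState
            Value      = if ($null -eq $value) { '<not set>' } else { $value }
            # String -eq is case-insensitive, so 'True' and 'TRUE' both pass
            Compliant  = ($value -eq 'TRUE')
            Entity     = $vm
        }
    }

    if ($Remediate) {
        # Step 1 of the procedure requires the VM to be powered off, so running VMs are left alone
        $targets = $report | Where-Object { -not $_.Compliant -and $_.PowerState -eq 'PoweredOff' }
        foreach ($row in $targets) {
            # -Force overwrites an existing key that holds a different value
            New-AdvancedSetting -Entity $row.Entity -Name $name -Value $true -Force -Confirm:$false | Out-Null
            $row.Value = 'TRUE'; $row.Compliant = $true
        }
    }
    $report | Select-Object VM, PowerState, Value, Compliant
}

# Audit only:
Get-SvgaVgaOnlyCompliance | Sort-Object Compliant, VM | Format-Table -AutoSize
# Audit, then fix powered-off VMs; running VMs are still listed as non-compliant:
# Get-SvgaVgaOnlyCompliance -Remediate | Where-Object { -not $_.Compliant }
```

VMs that remain non-compliant after `-Remediate` are the powered-on ones; they need a maintenance window for the shutdown in step 1.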

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity. This control applies to the following type of system: VMware.

Updated on July 16, 2022