ESXI-06-000043 – The system must logout of the console UI after a predetermined period.

Details

When the Direct console user interface (DCUI) is enabled and logged in it should be automatically logged out if left logged in to avoid unauthorized privilege gains. The DcuiTimeOut defines a window of time after which the DCUI will be logged out.

Solution

From the vSphere Client select the ESXi Host and go to Configuration >> Advanced Settings. Select the UserVars.DcuiTimeOut value and configure it to 600.

From a PowerCLI command prompt while connected to the ESXi host run the following commands:

Get-VMHost | Get-AdvancedSetting -Name UserVars.DcuiTimeOut | Set-AdvancedSetting -Value 600

Supportive Information

The following resource is also helpful.

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMware_vSphere_6-0_ESXi_V1R5_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system VMware.

References

800-53|SC-10
CAT|II
CCI|CCI-001133
Group-ID|V-63255
Rule-ID|SV-77745r1_rule
STIG-ID|ESXI-06-000043
Vuln-ID|V-63255

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles