Details

If personnel are not notified of permission events, they will not be aware of possible unsecure situations.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From the vSphere Client select the vCenter server at the top of the hierarchy and go to >> Alarms >> Definitions >> Right click in the empty space and select New Alarm. On the General tab provide an alarm name and description, Select vCenter for alarm type and ‘Monitor for specific events occurring on this object’, check ‘Enable this alarm’. On the Triggers tab click Add three triggers and in the event column enter ‘vim.event.PermissionAddedEvent’, ‘vim.event.PermissionRemovedEvent’, and ‘vim.event.PermissionUpdatedEvent’ for the three triggers and click OK.

Supportive Information

The following resource is also helpful.

• http://iasecontent.disa.mil/stigs/zip/U_VMware_vSphere_6-0_vCenter_Server_for_Windows_V1R4_STIG.zip

This security hardening control applies to the following category of controls within NIST 800-53: System and Information Integrity.This control applies to the following type of system VMware.

References

• 800-53|SI-6c.
• CAT|II
• CCI|CCI-001294
• Group-ID|V-64035
• Rule-ID|SV-78525r1_rule
• STIG-ID|VCWN-06-000050
• Vuln-ID|V-64035

Source

• Tenable.com/audits