Ensure the Exception Users list is properly configured. Details: Users who are added to the ‘Exception Users’ list do not lose their permissions when the host enters lockdown...
Ensure the ESXi shell is disabled. Details: The ESXi shell is an interactive command line environment available from the Direct Console User Interface (DCUI) or remotely...
Ensure the maximum failed login attempts is set to 5. Details: Authentication should be configured so there is a maximum number of consecutive failed login attempts for each account, at...
Ensure the shell services timeout is set to 1 hour or less. Details: When the ESXi shell or SSH services are enabled on a host, they will run indefinitely. To avoid this,...
Ensure the vSwitch Forged Transmits policy is set to reject. Details: Set the vSwitch Forged Transmits policy to reject for each vSwitch. Reject Forged Transmit can be set at the...
Ensure the vSwitch MAC Address Change policy is set to reject. Details: Ensure the MAC Address Change policy within the vSwitch is set to reject. Reject MAC Changes can be set...
Ensure the vSwitch Promiscuous Mode policy is set to reject. Details: Ensure the Promiscuous Mode Policy within the vSwitch is set to reject. Promiscuous mode can be set at the...
Ensure unauthorized connection of devices is disabled. Details: In a virtual machine, users and processes without root or administrator privileges can connect devices, such as network adapters...
Ensure unauthorized modification and disconnection of devices is disabled. Details: In a virtual machine, users and processes without root or administrator privileges can disconnect devices, such as network adapters...
Ensure unnecessary floppy devices are disconnected. Details: Ensure that no floppy device is connected to a virtual machine unless required. For a floppy device to be...