Check: VCENTER-000013
VMware vCenter Server Version 5 STIG:
VCENTER-000013
(in versions v2 r1 through v1 r7)
Title
Access to SSL certificates must be monitored. (Cat II impact)
Discussion
The directory that contains the SSL certificates only needs to be accessed by the service account user on a regular basis. Occasionally, the vCenter Server system administrator might need to access it for support purposes. The SSL certificate can be used to impersonate vCenter and decrypt the vCenter database password.
Check Content
Ask the SA if event log monitoring is used to alert on non-service account access to the certificates directory. If event log monitoring is not used, this is a finding.
Fix Text
Set up Windows event log monitoring to alert on non-service account access to the certificates directory.
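One way to implement the monitoring the fix text calls for, as an added example that is not part of the STIG: put an audit entry on the certificates directory, then query Security event 4663 for any subject other than the service account. The directory path and service account name are placeholders (assumptions), because the page gives neither, and the function names are hypothetical.

```powershell
# Added example, not part of the STIG. Both values below are placeholders (assumptions).
$CertDir        = 'C:\PLACEHOLDER\certificates-directory'   # path is not given on the page
$ServiceAccount = 'PLACEHOLDER-vcenter-svc'                 # account name without the domain

function Set-CertDirAuditRule {
    # Adds a SACL entry so access by any account is written to the Security log (event 4663).
    # Requires an elevated session and the "Audit File System" audit subcategory enabled.
    param([Parameter(Mandatory)][string]$Path)
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $everyone,
        [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete',
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]'Success, Failure')
    $acl = Get-Acl -Path $Path -Audit
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-NonServiceCertAccess {
    # Returns 4663 events for objects under $Path whose subject is not the service account.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Account,
        [datetime]$Since = (Get-Date).AddHours(-24)
    )
    $root   = $Path.TrimEnd('\')
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $data = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        $object = [string]$data['ObjectName']
        $inDir  = $object -ieq $root -or
                  $object.StartsWith("$root\", [System.StringComparison]::OrdinalIgnoreCase)
        if ($inDir -and $data['SubjectUserName'] -ne $Account) {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                User    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Object  = $object
                Process = $data['ProcessName']
                Access  = $data['AccessMask']
            }
        }
    }
}

Set-CertDirAuditRule -Path $CertDir
Get-NonServiceCertAccess -Path $CertDir -Account $ServiceAccount | Format-Table -AutoSize
```

Run the query on a schedule, or mirror its filter in the site's log collector, so that a match raises an alert. The occasional administrator access for support that the discussion mentions will also match and needs review.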
Additional Identifiers
Rule ID: SV-250733r799889_rule
Vulnerability ID: V-250733
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |