Check: VCENTER-000006
VMware vCenter Server Version 5 STIG:
VCENTER-000006
(in versions v2 r1 through v1 r7)
Title
The Web datastore browser must be disabled, unless required for normal day-to-day operations. (Cat III impact)
Discussion
The Web datastore browser enables viewing of all the datastores associated with the vSphere deployment, including all folders and files, such as VM files. This functionality is controlled by the organization-specific user permissions on vCenter Server.
Check Content
If the Web datastore browser is required for normal, daily operational tasks, this check is not applicable.

Verify the Web datastore browser is disabled:

Determine the location of the vpxd.cfg file on the vCenter Server's Windows OS host. Edit the file and locate the <vpxd> </vpxd> element. Ensure the following element is set:

<enableHttpDatastoreAccess>false</enableHttpDatastoreAccess>

If the Web datastore browser is not disabled, this is a finding.
Fix Text
If the Web datastore browser is enabled and required for normal, daily operational tasks, no fix is required.

Disable the Web datastore browser:

Determine the location of the vpxd.cfg file on the Windows host. Edit the file and locate the <vpxd> ... </vpxd> element. Ensure the following element is set:

<enableHttpDatastoreAccess>false</enableHttpDatastoreAccess>

Restart the vCenter Service to ensure the config file change(s) are in effect.
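An added example, not part of the STIG: a Python check that applies the Check Content logic to the text of a vpxd.cfg copy, for use before and after the fix. The function name, the `<config>` root in the constructed samples, and treating a missing or commented-out element as a finding are assumptions.

```python
# Added example: evaluate VCENTER-000006 against the text of a vpxd.cfg copy.
import xml.etree.ElementTree as ET

SETTING = "enableHttpDatastoreAccess"

def check_vpxd_cfg(xml_text, browser_required=False):
    """Return (status, detail); status is compliant, finding or not_applicable."""
    if browser_required:
        # Per the check: required for daily operations means not applicable.
        return ("not_applicable", "Web datastore browser is operationally required")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ("finding", f"vpxd.cfg is not well-formed XML: {exc}")
    # Assumption: <vpxd> is either the root or nested below it.
    vpxd_nodes = [root] if root.tag == "vpxd" else root.findall(".//vpxd")
    if not vpxd_nodes:
        return ("finding", "no <vpxd> element found")
    # Only direct children of <vpxd> count; XML comments are dropped by the
    # parser, so a commented-out setting is reported as missing.
    values = [(node.text or "").strip()
              for vpxd in vpxd_nodes for node in vpxd.findall(SETTING)]
    if not values:
        return ("finding", f"<{SETTING}> is not set inside <vpxd>")
    if all(value == "false" for value in values):
        return ("compliant", f"<{SETTING}> is false")
    return ("finding", f"<{SETTING}> has value(s) {values}, expected false")

# Constructed sample inputs (not taken from a real vCenter host).
COMPLIANT = """<config>
  <vpxd>
    <enableHttpDatastoreAccess>false</enableHttpDatastoreAccess>
  </vpxd>
</config>"""
ENABLED = COMPLIANT.replace(">false<", ">true<")
COMMENTED_OUT = """<config>
  <vpxd>
    <!-- <enableHttpDatastoreAccess>false</enableHttpDatastoreAccess> -->
  </vpxd>
</config>"""

if __name__ == "__main__":
    for name, text in [("compliant", COMPLIANT), ("enabled", ENABLED),
                       ("commented out", COMMENTED_OUT)]:
        print(name, "->", check_vpxd_cfg(text))
```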
Additional Identifiers
Rule ID: SV-250728r799874_rule
Vulnerability ID: V-250728
Group Title: SRG-APP-000516
CCIs
Number | Definition |
---|---|
CCI-000366 | The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 | Configuration Settings |