Check: ESXI-67-000079
VMware vSphere 6.7 ESXi STIG:
ESXI-67-000079
(in versions v1 r3 through v1 r1)
Title
The ESXi host must not suppress warnings that the local or remote shell sessions are enabled. (Cat II impact)
Discussion
Warnings that local or remote shell sessions are enabled alert administrators to activity that they may not be aware of and need to investigate.
Check Content
From the vSphere Web Client, select the host and click Configure >> System >> Advanced System Settings. Find the "UserVars.SuppressShellWarning" value and verify that it is set to the following: 0 If the value is not set as above or does not exist, this is a finding. or From a PowerCLI command prompt while connected to the ESXi host, run the following command: Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressShellWarning If the value returned is not "0" or the setting does not exist, this is a finding.
Fix Text
From the vSphere Web Client, select the host and click Configure >> System >> Advanced System Settings. Find the "UserVars.SuppressShellWarning" value and set it to the following: 0 or From a PowerCLI command prompt while connected to the ESXi host, run the following command: Get-VMHost | Get-AdvancedSetting -Name UserVars.SuppressShellWarning | Set-AdvancedSetting -Value "0"
Additional Identifiers
Rule ID: SV-239329r674916_rule
Vulnerability ID: V-239329
Group Title: SRG-OS-000480-VMM-002000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |