Check: VCTR-67-000075
VMware vSphere 6.7 vCenter STIG:
VCTR-67-000075
(in versions v1 r4 through v1 r1)
Title
The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. (Cat II impact)
Discussion
By default not all tasks are shown in the web client to administrators and only that user's tasks will be shown. Enabling all tasks to be shown will allow the administrator to potentially see any malicious activity they may miss with the view disabled.
Check Content
Note: For vCenter Server Appliance, this is not applicable. Verify the "webclient.properties" file contains the line "show.allusers.tasks = true". On the vCenter Server locate the "webclient.properties" file in C:\ProgramData\VMware\vCenterServer\cfg\vsphere-client If "show.allusers.tasks" is not set to "true", this is a finding.
Fix Text
Edit the "webclient.properties" file to set the "show.allusers.tasks" value to "true". On the vCenter Server locate the "webclient.properties" file in C:\ProgramData\VMware\vCenterServer\cfg\vsphere-client After editing the file the vSphere Client service will need to be restarted.
Additional Identifiers
Rule ID: SV-243130r879887_rule
Vulnerability ID: V-243130
Group Title: SRG-APP-000516
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |