Check: VCTR-67-000029
VMware vSphere 6.7 vCenter STIG:
VCTR-67-000029
(in versions v1 r4 through v1 r1)
Title
The vCenter Server must enable all tasks to be shown to Administrators in the Web Client. (Cat II impact)
Discussion
By default, not all tasks are shown in the Web Client to Administrators, and only that user's tasks will be shown. Enabling all tasks to be shown will allow the Administrator to potentially see any malicious activity they may miss with the view disabled.
Check Content
Note: For vCenter Server Windows, this is not applicable. On the vCenter Server, execute the following command: # grep "^show\.allusers\.tasks" /etc/vmware/vsphere-client/webclient.properties Expected result: show.allusers.tasks = true If the output does not match the expected result, this is a finding.
Fix Text
Navigate to and open /etc/vmware/vsphere-client/webclient.properties. Remove any existing "show.allusers.tasks" line and add the following: show.allusers.tasks = true
Additional Identifiers
Rule ID: SV-243093r879887_rule
Vulnerability ID: V-243093
Group Title: SRG-APP-000516
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |