Configuration tools are enabled for virtual machines.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-15896 | ESX1000 | SV-16838r1_rule | ECSC-1 | Low |
| Description |
|---|
| There are other settings that should be specified in the configuration files for virtual machines. The connectable setting disables connecting and disconnecting removable devices from within the virtual machine. The diskShrink setting shrinks the virtual disk. The diskWiper defragments virtual disks. These last two settings could effectively cause a DoS by having the virtual disk defragmented and shrunk on demand. The commands that should be disabled are listed: isolation.device.connectable.disable = “TRUE” isolation.tools.diskShrink.disable = “TRUE” isolation.tools.diskWiper.disable = “TRUE” |
| STIG | Date |
|---|---|
| VMware ESX 3 Virtual Center | 2016-05-03 |
Details
| Check Text ( C-16256r1_chk ) |
|---|
| 1. Login to VirtualCenter with the VI Client and select a virtual machine from the inventory panel. The configuration page for the virtual machine appears with the Summary tab displayed. 3. Click Options > Advanced > Configuration Parameters to open the Configuration Parameters dialog box. 4. Verify the following is displayed in the result: isolation.device.connectable.disable true isolation.tools.diskShrink.disable true isolation.tools.diskWiper.disable true If these are not configured, this is a finding. |
| Fix Text (F-15857r1_fix) |
|---|
| Disable configuration tools for the virtual machine. |