Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-39392 | SRG-OS-000126-ESXI5 | SV-51250r1_rule | | Medium |
Description |
---|
If ESXi Shell is enabled on the host and a user forgets to log out of their SSH session, the idle connection will remain indefinitely, increasing the potential for someone to gain privileged access to the host. |
STIG | Date |
---|---|
VMware ESXi Server 5.0 Security Technical Implementation Guide | 2013-09-12 |
Check Text (C-46666r1_chk) |
---|
From the vSphere client, select the host and click "Configuration >> Advanced Settings". Select the "UserVars.ESXiShellTimeOut" parameter and verify it is set to a value not to exceed 15 minutes. A value of 0 disables the ESXi Shell timeout. If the "UserVars.ESXiShellTimeOut" parameter is set to a value less than 1 or greater than 15, this is a finding. |
Fix Text (F-44405r1_fix) |
---|
From the vSphere client, select the host and click "Configuration >> Advanced Settings". Select the "UserVars.ESXiShellTimeOut" parameter and configure it to a value not to exceed 15 minutes. A value of 0 disables the ESXi Shell timeout. |