Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
The system must disable the datastore browser.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| VCENTER-000006 | VCENTER-000006 | VCENTER-000006_rule | Low |
| Description |
|---|
| The datastore browser enables viewing of all the datastores associated with the vSphere deployment, including all folders and files, such as VM files. This functionality is controlled by the site-specific, user permissions on vCenter Server. |
| STIG | Date |
|---|---|
| VMware vCenter Server Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-VCENTER-000006_chk ) |
|---|
| Verify the datastore browser is disabled: Determine the location of the vpxd.cfg file on the vCenter Server's Windows OS host. Edit the file and locate the Ensure that the following element is set. If the enableHttpDatastoreAccess element is set to true, this is a finding. |
| Fix Text (F-VCENTER-000006_fix) |
|---|
| Disable the datastore browser: Determine the location of the vpxd.cfg file on the Windows host. Edit the file and locate the Ensure that the following element is set Restart the vCenter Service to ensure the config file change(s) are in effect. |