The system must disable the managed object browser.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| VCENTER-000007 | VCENTER-000007 | VCENTER-000007_rule | Low |
| Description |
|---|
| The managed object browser provides a way to explore the object model used by the vCenter to manage the vSphere environment; it enables configurations to be changed as well. This interface is used primarily for debugging, and might potentially be used to perform malicious configuration changes or actions. |
| STIG | Date |
|---|---|
| VMware vCenter Server Security Technical Implementation Guide | 2013-01-15 |
Details
| Check Text ( C-VCENTER-000007_chk ) |
|---|
| Verify the managed object browser is disabled: Determine the location of the vpxd.cfg file on the vCenter Server's Windows OS host. Edit the file and locate the Ensure that the following element is set. If the enableDebugBrowse element is set to true, this is a finding. |
| Fix Text (F-VCENTER-000007_fix) |
|---|
| Disable the managed object browser: Determine the location of the vpxd.cfg file on the Windows host. Edit the file and locate the Ensure that the following element is set. Restart the vCenter Service to ensure the config file change(s) are in effect. |