Below is the list of symptoms in vRealize Operations Manager 6.0.1 that are based on the vSphere Hardening Guide.
Compliance symptoms in vR Ops 6.0.1 (sorted alphabetically)
If your installation shows "only" 18 and 32 rules instead of 20 and 49, you are still on the 6.0 content. You can repeat the update to 6.0.1 at any time and this time select the option to overwrite the out-of-the-box content.
ESX
ESXi Host is violating vSphere 5.5 Hardening Guide
(20 symptoms in 6.0.1)
- Active directory authentication disabled
- Bidirectional CHAP for iSCSI traffic disabled
- DCUI service is running
- Dvfilter bind ip address configured
- ESXi Shell service is running
- NTP Server for time synchronization not configured
- NTP service stopped
- Non-compliant DCUI access user list
- Non-compliant DCUI service startup policy
- Non-compliant ESXi Shell service startup policy
- Non-compliant NTP service startup policy
- Non-compliant SSH service startup policy
- Non-compliant firewall setting to restrict access to NTP Client
- Non-compliant firewall setting to restrict access to SNMP Server
- Non-compliant idle time before an interactive shell is automatically logged out
- Non-compliant timeout value for automatically disabling local and remote shell access
- Persistent logging disabled
- Remote syslog is not enabled
- SSH service is running
- vSphere Authentication Proxy not used for password protection when adding ESXi hosts to active directory
VMs
Alert: Virtual machine is violating vSphere 5.5 Hardening Guide
(49 symptoms in 6.0.1)
- 3D features is not disabled
- Allow VM to obtain detailed information about the physical host
- Allow unauthorized connect and disconnect of devices
- Allow unauthorized modification of device settings
- CD-ROM connected
- Console copy operation is not disabled
- Console drag and drop operation is not disabled
- Console paste operation is not disabled
- Dvfilter network API enabled
- Feature not exposed in vSphere: AutoLogon is not disabled
- Feature not exposed in vSphere: BiosBBS is not disabled
- Feature not exposed in vSphere: GetCreds is not disabled
- Feature not exposed in vSphere: HGFSServerSet is not disabled
- Feature not exposed in vSphere: LaunchMenu is not disabled
- Feature not exposed in vSphere: MemsFss is not disabled
- Feature not exposed in vSphere: Monitor Control is not disabled
- Feature not exposed in vSphere: Protocolhandler is not disabled
- Feature not exposed in vSphere: Shellaction is not disabled
- Feature not exposed in vSphere: Toporequest is not disabled
- Feature not exposed in vSphere: Trashfolderstate is not disabled
- Feature not exposed in vSphere: Trayicon is not disabled
- Feature not exposed in vSphere: Unity is not disabled
- Feature not exposed in vSphere: Unity-Interlock is not disabled
- Feature not exposed in vSphere: Unity-Taskbar is not disabled
- Feature not exposed in vSphere: Unity-Unityactive is not disabled
- Feature not exposed in vSphere: Unity-Windowcontents is not disabled
- Feature not exposed in vSphere: UnityPush is not disabled
- Feature not exposed in vSphere: Versionset is not disabled
- Floppy drive connected
- Non-compliant max VM log file count
- Non-compliant max VM log file size
- Non-compliant max VMX file size
- Non-compliant max number of remote console connections
- Parallel port connected
- Serial port connected
- Shrink virtual disk is not disabled – diskShrink
- Shrink virtual disk is not disabled – diskWiper
- Tools auto install is not disabled
- USB controller connected
- Unrestricted VM-to-VM communication through VMCI
- Use independent nonpersistent disk
- VGA only mode is not enabled
- VIX message is not disabled
- VM console access via VNC protocol is not disabled
- VM logging is not disabled
- VMsafe CPU/memory API enabled
- VMsafe CPU/memory APIs – IP address configured
- VMsafe CPU/memory APIs – port number configured
- Versionget is not disabled