Detections
Analytics

CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal

Audit Details

Name: CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal

Updated: 4/29/2024

Authority: CIS

Plugin: Unix

Revision: 1.0

Estimated Item Count: 16

File Details

Filename: CIS_VMware_ESXi_8.0_v1.1.0_L1_Bare_Metal.audit

Size: 32.1 kB

MD5: f238528579b9a12821f8e512564176a1
SHA256: c6be940dd67f734c211781f1876e54c4b43b73cf8ad6d027dbeb27b8e32349db

Audit Items

DescriptionCategories
2.4 (L1) Host image profile acceptance level must be PartnerSupported or higher

SYSTEM AND SERVICES ACQUISITION

2.11 (L1) Host must use sufficient entropy for cryptographic operations

CONFIGURATION MANAGEMENT, MAINTENANCE

6.4.1 (L1) Host SNMP services, if enabled, must limit access

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.2 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated cryptographic modules

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.3 (L1) Host SSH daemon, if enabled, must not allow use of gateway ports

CONFIGURATION MANAGEMENT

6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authentication

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessions

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.7 (L1) Host SSH daemon, if enabled, must display the system login banner before granting access

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.8 (L1) Host SSH daemon, if enabled, must ignore .rhosts files

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.9 (L1) Host SSH daemon, if enabled, must disable stream local forwarding

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.10 (L1) Host SSH daemon, if enabled, must disable TCP forwarding

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnels

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.12 (L1) Host SSH daemon, if enabled, must not permit user environment settings

CONFIGURATION MANAGEMENT, MAINTENANCE

CIS_VMware_ESXi_8.0_v1.1.0_L1_Bare_Metal.audit from CIS VMware ESXi 8.0 Benchmark v1.1.0