TNS Citrix Hypervisor

Audit Details

Name: TNS Citrix Hypervisor

Updated: 10/19/2022

Authority: TNS

Plugin: Unix

Revision: 1.7

Estimated Item Count: 46

File Details

Filename: TNS_BestPractice_Citrix_Hypervisor.audit

Size: 43.8 kB

MD5: 250e3ee4226eab5851e155e05a42030d
SHA256: 603dce6ed348085d37152775203aa15626a5a482dc64ac14a262e9d8f59bacc4

Audit Items

Description

Categories

Administrative actions are logged

AUDIT AND ACCOUNTABILITY

All network interfaces are operating in full-duplex mode

CONFIGURATION MANAGEMENT

Auto-start is not enabled

CONFIGURATION MANAGEMENT

Disable promiscuous mode on all network interfaces

CONFIGURATION MANAGEMENT

Disallow unplug detection on the storage network interface

CONFIGURATION MANAGEMENT

Enable only necessary and secure services, protocols, daemons - 'lwsmd'

CONFIGURATION MANAGEMENT

Enable only necessary and secure services, protocols, daemons - 'snapwatchd'

CONFIGURATION MANAGEMENT

Enable only necessary and secure services, protocols, daemons - 'sshd'

CONFIGURATION MANAGEMENT

Enable port locking by default on the VM guest network

SYSTEM AND COMMUNICATIONS PROTECTION

Enable QoS on all VM guests

SYSTEM AND COMMUNICATIONS PROTECTION

Enable remote syslog

AUDIT AND ACCOUNTABILITY

Ensure IP forwarding is disabled

SYSTEM AND COMMUNICATIONS PROTECTION

External authentication is disabled

IDENTIFICATION AND AUTHENTICATION

High availability is enabled

CONTINGENCY PLANNING

Host is enabled

CONFIGURATION MANAGEMENT

Host version

CONFIGURATION MANAGEMENT

Identify a network interface to be used for storage access

CONFIGURATION MANAGEMENT

Install a trusted CA certificate on the pool

SYSTEM AND COMMUNICATIONS PROTECTION

Install a trusted certificate in place of the default self-signed SSL certificate

SYSTEM AND COMMUNICATIONS PROTECTION

List bonded NIC groups

CONFIGURATION MANAGEMENT

List crash dumps

CONFIGURATION MANAGEMENT

List halted VMs

CONFIGURATION MANAGEMENT

List networks

CONFIGURATION MANAGEMENT

List non-default VM templates

CONFIGURATION MANAGEMENT

List patches

SYSTEM AND INFORMATION INTEGRITY

List physical storage locations

CONFIGURATION MANAGEMENT

List running VMs

CONFIGURATION MANAGEMENT

List security roles

ACCESS CONTROL

List users

ACCESS CONTROL

List virtual disks

CONFIGURATION MANAGEMENT

List VLANs

CONFIGURATION MANAGEMENT

List VM CPU allocations

CONFIGURATION MANAGEMENT

List VM memory allocations

CONFIGURATION MANAGEMENT

NTP client configured

AUDIT AND ACCOUNTABILITY

Only allow access to required network services

SYSTEM AND COMMUNICATIONS PROTECTION

Passwords stored in 'secrets' are not visible

IDENTIFICATION AND AUTHENTICATION

Restrict allowed IPv4 addresses used by each VM guest

SYSTEM AND COMMUNICATIONS PROTECTION

Restrict allowed IPv6 addresses used by each VM guest

SYSTEM AND COMMUNICATIONS PROTECTION

Review accounts used to mount remote storage

CONFIGURATION MANAGEMENT

Snapshots are not present

SYSTEM AND COMMUNICATIONS PROTECTION

The hosts.allow file limits access to the local network

SYSTEM AND COMMUNICATIONS PROTECTION

The hosts.deny file blocks access by default

SYSTEM AND COMMUNICATIONS PROTECTION

TNS_BestPractice_Citrix_Hypervisor.audit
Use a static IP on the management network interface

CONFIGURATION MANAGEMENT

Use a static IP on the storage network interface

CONFIGURATION MANAGEMENT

XAPI SSL certificate is in default location

CONFIGURATION MANAGEMENT