Detections
Analytics
VCENTER-000019 - Access to SSL certificates must be restricted.
Information
The SSL certificate can be used to impersonate vCenter and decrypt the vCenter database password. By default, only the service user account and the vCenter Server administrators can access the directory containing the SSL certificates. The directory that contains the SSL certificates only needs to be accessed by the service account user on a regular basis. Occasionally, when collecting data for support purposes, the vCenter Server system administrator might need to access it. The permissions should be checked on a regular basis to ensure they have not been changed to add unauthorized users.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Ensure the Windows file permission on the SSL certificate directory files are set so only the vCenter service account and authorized vCenter Server Administrators can access them. Ensure the directory and all files within are only accessible to the service user (System) and authorized vCenter Server administrators. The location by default for vCenter this is C:\ProgramData\VMware\VMware VirtualCenter\SSL and for the Inventory Service SSL certificate is C:\Program Files\VMware\Infrastructure\Inventory Service\ssl.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_VMW_ESXi5_vCenter_Server_V2R1_STIG.zip
Item Details
Audit Name: DISA STIG VMWare ESXi vCenter 5 STIG v2r1
Category: CONFIGURATION MANAGEMENT
References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Group-ID|V-39557, Rule-ID|SV-250738r799904_rule, STIG-ID|VCENTER-000019, STIG-Legacy|SV-51415, STIG-Legacy|V-39557, Vuln-ID|V-250738
Plugin: VMware
Control ID: 4f48c20db13f8d95a2db1571eac7881bff78b8875f85c4c4ba0d5b41d48c6b69