Information
The CIM system provides an interface that enables hardware-level management from remote applications via a set of standard APIs. Create a limited-privilege, read-only service account for CIM. Grant this role to the user on the ESXi server. Place this user in the Exception Users list. Where write access is required, create or enable a limited-privilege service account and grant only the minimum required privileges.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
From the vSphere client, select the ESXi host; go to 'Local Users and Groups'. Create a limited-privilege, read-only service account for CIM. Place the CIM account into the 'root' group. Select Users and right-click in the user screen. Select 'Add', then Add a new user. If write access is required, grant only the minimum required privileges. CIM accounts should be limited to the 'Host >> Config >> System Management' and 'Host >> CIM >> CIMInteraction' privileges.
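
Because this check is not automated, the privilege limit above can be reviewed with VMware PowerCLI. The script below is an added example, not part of the benchmark or the scanner; the host name `esxi01.example.com` and account name `cim-svc` are placeholders, and it assumes PowerCLI is installed and that you connect with an administrative account.

```powershell
# Added example: audit which privileges the CIM service account holds on one ESXi host.
# Placeholders (assumptions, not from the benchmark): host name and account name.
$HostName   = 'esxi01.example.com'
$CimAccount = 'cim-svc'

# Privilege IDs behind 'Host >> Config >> System Management' and
# 'Host >> CIM >> CIMInteraction' in the vSphere client.
$Allowed = @('Host.Config.SystemManagement', 'Host.Cim.CimInteraction')

$server = Connect-VIServer -Server $HostName
try {
    # Every permission entry that names the CIM account, on any inventory object.
    $perms = @(Get-VIPermission -Server $server -Principal $CimAccount)
    if ($perms.Count -eq 0) {
        Write-Warning "No permissions found for '$CimAccount' on $HostName."
    }

    foreach ($perm in $perms) {
        $role = Get-VIRole -Server $server -Name $perm.Role

        # System.Anonymous / System.Read / System.View are part of every role,
        # so they are not counted as extra privileges.
        $extra = @($role.PrivilegeList | Where-Object {
            $_ -notin $Allowed -and $_ -notlike 'System.*'
        })

        [pscustomobject]@{
            Entity          = $perm.Entity.Name
            Principal       = $perm.Principal
            Role            = $role.Name
            Propagate       = $perm.Propagate
            ExtraPrivileges = $extra -join ', '
            Compliant       = ($extra.Count -eq 0)
        }
    }
}
finally {
    Disconnect-VIServer -Server $server -Confirm:$false
}
```

A row with `Compliant = False` lists the privileges to remove from the role. The script does not check the Exception Users list or group membership.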