VM : restrict-host-info

Information

Do not send host information to guests.
By enabling a VM to get detailed information about the physical host, an adversary could potentially use this information to inform further attacks on the host.

If set to True, a VM can obtain detailed information about the physical host. *The default value for the parameter is False, but it is displayed as Null. Setting it to False is purely for audit purposes.*

This setting should not be True unless a particular VM requires this information for performance monitoring.

http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-2CF880DA-2435-4201-9AFB-A16A11951A2D.html

Solution

# Add the setting to all VMs
Get-VM | New-AdvancedSetting -Name "tools.guestlib.enableHostInfo" -value $false
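
The following PowerCLI script is an added example, not part of the original audit item or the VMware hardening guide. It reports the current state of the setting per VM, distinguishing an explicit True from an unset (Null) value, and then writes the explicit False value. It assumes an existing Connect-VIServer session; the $exceptions list and $remediate switch are hypothetical names introduced for illustration.

```powershell
# Added example. Assumes VMware PowerCLI is loaded and Connect-VIServer has already been run.
$settingName = 'tools.guestlib.enableHostInfo'

# Hypothetical: VMs approved to receive host information for performance monitoring.
$exceptions = @()

# Set to $true to write the setting; leave $false to only report.
$remediate = $false

function Get-HostInfoSettingState {
    param([Parameter(Mandatory)] $VM)

    $setting = Get-AdvancedSetting -Entity $VM -Name $settingName
    $state = if (-not $setting) {
        'NotSet'      # effective default is False, but the value shows as Null
    } elseif ("$($setting.Value)" -ieq 'true') {
        'Enabled'     # guest can query detailed host information
    } else {
        'Disabled'    # explicit False, the state the audit expects
    }

    [pscustomobject]@{
        VM       = $VM
        Name     = $VM.Name
        Value    = $setting.Value
        State    = $state
        Excepted = $exceptions -contains $VM.Name
    }
}

# Audit pass: one row per VM.
$report = Get-VM | ForEach-Object { Get-HostInfoSettingState -VM $_ }
$report | Sort-Object State, Name |
    Format-Table Name, Value, State, Excepted -AutoSize

# Remediation pass: everything that is not already an explicit False,
# skipping approved exceptions. -Force overwrites an existing True value.
if ($remediate) {
    $report |
        Where-Object { $_.State -ne 'Disabled' -and -not $_.Excepted } |
        ForEach-Object {
            New-AdvancedSetting -Entity $_.VM -Name $settingName `
                -Value $false -Force -Confirm:$false | Out-Null
            Write-Output "Set $settingName = False on $($_.Name)"
        }
}
```

Rows reported as Enabled and not excepted are the ones that actually expose host information; NotSet rows already behave as False and are rewritten only so the value is visible to the audit.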

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vSphere_6_0_Hardening_Guide_GA_15_Jun_2015.xls

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-4

Plugin: VMware

Control ID: 62219d7251bfae4f61962839185a39074fdce214e0eb3608f5227ea4b19ed863