Detections
Analytics

CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal

Audit Details

Name: CIS VMware ESXi 8.0 v1.1.0 L1 Bare Metal

Updated: 6/17/2024

Authority: CIS

Plugin: Unix

Revision: 1.1

Estimated Item Count: 16

File Details

Filename: CIS_VMware_ESXi_8.0_v1.1.0_L1_Bare_Metal.audit

Size: 32.1 kB

MD5: 201e7dcac6aa2da15f1dda66985ed980
SHA256: 2141bb33ebd740235c6632951b61d96a5d15886ec6ec2d3abea5aa5befbfda80

Audit Items

DescriptionCategories
2.4 (L1) Host image profile acceptance level must be PartnerSupported or higher

SYSTEM AND SERVICES ACQUISITION

2.11 (L1) Host must use sufficient entropy for cryptographic operations

CONFIGURATION MANAGEMENT, MAINTENANCE

6.4.1 (L1) Host SNMP services, if enabled, must limit access

CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.1 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated ciphers

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.2 (L1) Host SSH daemon, if enabled, must use FIPS 140-2/140-3 validated cryptographic modules

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

6.5.3 (L1) Host SSH daemon, if enabled, must not allow use of gateway ports

CONFIGURATION MANAGEMENT

6.5.4 (L1) Host SSH daemon, if enabled, must not allow host-based authentication

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.5 (L1) Host SSH daemon, if enabled, must set a timeout count on idle sessions

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.6 (L1) Host SSH daemon, if enabled, must set a timeout interval on idle sessions

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.7 (L1) Host SSH daemon, if enabled, must display the system login banner before granting access

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.8 (L1) Host SSH daemon, if enabled, must ignore .rhosts files

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.9 (L1) Host SSH daemon, if enabled, must disable stream local forwarding

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.10 (L1) Host SSH daemon, if enabled, must disable TCP forwarding

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.11 (L1) Host SSH daemon, if enabled, must not permit tunnels

CONFIGURATION MANAGEMENT, MAINTENANCE

6.5.12 (L1) Host SSH daemon, if enabled, must not permit user environment settings

CONFIGURATION MANAGEMENT, MAINTENANCE

CIS_VMware_ESXi_8.0_v1.1.0_L1_Bare_Metal.audit from CIS VMware ESXi 8.0 Benchmark v1.1.0