| TNS_BestPractice_Citrix_XenServer.audit from TNS Citrix XenServer Best Practices | |
| XenServer - Administrative actions are logged | |
| XenServer - All network interfaces are operating in full-duplex mode | |
| XenServer - Auto-start is not enabled | |
| XenServer - Disable promiscuous mode on all network interfaces | |
| XenServer - Disallow unplug detection on the storage network interface | |
| XenServer - Enable only necessary and secure services, protocols, daemons - 'lwsmd' | CONFIGURATION MANAGEMENT |
| XenServer - Enable only necessary and secure services, protocols, daemons - 'snapwatchd' | CONFIGURATION MANAGEMENT |
| XenServer - Enable only necessary and secure services, protocols, daemons - 'sshd' | CONFIGURATION MANAGEMENT |
| XenServer - Enable port locking by default on the VM guest network | |
| XenServer - Enable QoS on all VM guests | |
| XenServer - Enable remote syslog | AUDIT AND ACCOUNTABILITY |
| XenServer - Ensure IP forwarding is disabled | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - External authentication is disabled | |
| XenServer - High availability is enabled | |
| XenServer - Host is enabled | |
| XenServer - Host version | CONFIGURATION MANAGEMENT |
| XenServer - Identify a network interface to be used for storage access | CONFIGURATION MANAGEMENT |
| XenServer - Install a trusted CA certificate on the pool | |
| XenServer - Install a trusted certificate in place of the default self-signed SSL certificate | |
| XenServer - List bonded NIC groups | CONFIGURATION MANAGEMENT |
| XenServer - List crash dumps | CONFIGURATION MANAGEMENT |
| XenServer - List halted VMs | CONFIGURATION MANAGEMENT |
| XenServer - List networks | CONFIGURATION MANAGEMENT |
| XenServer - List non-default VM templates | |
| XenServer - List patches | SYSTEM AND INFORMATION INTEGRITY |
| XenServer - List physical storage locations | CONFIGURATION MANAGEMENT |
| XenServer - List running VMs | CONFIGURATION MANAGEMENT |
| XenServer - List security roles | ACCESS CONTROL |
| XenServer - List users | ACCESS CONTROL |
| XenServer - List virtual disks | CONFIGURATION MANAGEMENT |
| XenServer - List VLANs | CONFIGURATION MANAGEMENT |
| XenServer - List VM CPU allocations | CONFIGURATION MANAGEMENT |
| XenServer - List VM memory allocations | CONFIGURATION MANAGEMENT |
| XenServer - NTP client configured | AUDIT AND ACCOUNTABILITY |
| XenServer - Only allow access to required network services | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Passwords stored in 'secrets' are not visible | |
| XenServer - Restrict allowed IPv4 addresses used by each VM guest | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Restrict allowed IPv6 addresses used by each VM guest | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Review accounts used to mount remote storage | CONFIGURATION MANAGEMENT |
| XenServer - Snapshots are not present | |
| XenServer - The hosts.allow file limits access to the local network | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - The hosts.deny file blocks access by default | SYSTEM AND COMMUNICATIONS PROTECTION |
| XenServer - Use a static IP on the management network interface | |
| XenServer - Use a static IP on the storage network interface | |
| XenServer - XAPI SSL certificate is in default location | CONFIGURATION MANAGEMENT |
