vSphere UI plugins must be authorized before use.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-256786	VCUI-70-000009	SV-256786r889357_rule		Medium

Description

The vSphere UI ships with a number of plugins out of the box. Any additional plugins may affect the availability and integrity of the system and must be approved and documented by the information system security officer (ISSO) before deployment.

STIG	Date
VMware vSphere 7.0 vCenter Appliance UI Security Technical Implementation Guide	2023-06-15

Details

Check Text (C-60461r889355_chk)

At the command prompt, run the following command:

# diff <(find /usr/lib/vmware-vsphere-ui/plugin-packages/vsphere-client/plugins -type f|sort) <(rpm -ql vsphere-ui|grep "/usr/lib/vmware-vsphere-ui/plugin-packages/vsphere-client/plugins/"|sort)

If there is any output, this indicates a vSphere UI plugin is present that does not ship with the vCenter Server Appliance (VCSA).

If this plugin is not known and approved, this is a finding.

Fix Text (F-60404r889356_fix)

For every unauthorized plugin returned by the check, run the following command:

# rm <file>