forked from mondoohq/cnspec-policies
mondoo-vmware-vulnerability.mql.yaml
# Copyright (c) Mondoo, Inc.
# SPDX-License-Identifier: BUSL-1.1
policies:
  - uid: mondoo-vmware-vulnerability
    name: VMware vCenter Vulnerability Policy
    version: 1.1.0
    license: BUSL-1.1
    tags:
      mondoo.com/category: security
      mondoo.com/platform: vmware,vmware-esxi
    authors:
      - name: Mondoo, Inc
        email: [email protected]
    docs:
      desc: |
        ## Overview

        Mondoo OpenSSL VMware vCenter Policy checks for vulnerable vCenter/ESXi configuration. It should be used in combination with the Platform Vulnerability Policy to identify missing patches.

        ### Run policy

        To run this policy against VMware vCenter:

        ```bash
        cnspec scan vsphere [email protected]@192.168.5.24 --ask-pass -f core/mondoo-vmware-vulnerability.mql.yaml
        ```

        ## Join the community!

        Our goal is to build policies that are simple to deploy, accurate, and actionable.
        If you have any suggestions for how to improve this policy, or if you need support, [join the community](https://github.com/orgs/mondoohq/discussions) in GitHub Discussions.
    groups:
      - title: VMware ESXi
        filters: asset.platform == "vmware-esxi"
        checks:
          - uid: mondoo-vmware-vulnerability-slpd-not-running
queries:
  - uid: mondoo-vmware-vulnerability-slpd-not-running
    title: Ensure the slpd service is not running
    mql: vsphere.host.services.none(key == "slpd" && running == true)
    docs:
      desc: |
        In 2021, ESXi 7.0 U2c and ESXi 8.0 GA began shipping with the service disabled by default.
      remediation: ""
    refs:
      - url: https://blogs.vmware.com/security/2023/02/83330.html
        title: VMware Security Response Center (vSRC) Response to 'ESXiArgs' Ransomware Attacks
      - url: https://www.vmware.com/security/advisories/VMSA-2021-0002.html
        title: VMSA-2021-0002
      - url: https://kb.vmware.com/s/article/76372
        title: How to Disable/Enable the SLP Service on VMware ESXi (76372)