The ESXi host OpenSLP service must be disabled.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-258786	ESXI-80-000231	SV-258786r933419_rule		Medium

Description
OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce attack surface area and following the minimum functionality principal, the OpenSLP service must be disabled unless explicitly needed and approved. Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.

Description

OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce attack surface area and following the minimum functionality principal, the OpenSLP service must be disabled unless explicitly needed and approved. Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.

STIG	Date
VMware vSphere 8.0 ESXi Security Technical Implementation Guide	2023-10-11

Details

Check Text ( C-62526r933417_chk )
From the vSphere Client go to Hosts and Clusters. Select the ESXi Host >> Configure >> System >> Services. Under "Services", locate the "slpd" service and verify it is "Stopped" and the "Startup Policy" is set to "Start and stop manually". or From a PowerCLI command prompt while connected to the ESXi host, run the following command: Get-VMHost \| Get-VMHostService \| Where {$_.Label -eq "slpd"} If the slpd service does not have a "Policy" of "off" or is running, this is a finding.

Check Text ( C-62526r933417_chk )

From the vSphere Client go to Hosts and Clusters.

Select the ESXi Host >> Configure >> System >> Services.

Under "Services", locate the "slpd" service and verify it is "Stopped" and the "Startup Policy" is set to "Start and stop manually".

or

From a PowerCLI command prompt while connected to the ESXi host, run the following command:

Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"}

If the slpd service does not have a "Policy" of "off" or is running, this is a finding.

Fix Text (F-62435r933418_fix)
From the vSphere Client go to Hosts and Clusters. Select the ESXi Host >> Configure >> System >> Services. Under "Services" select the "slpd" service and click the "Stop" button. Click "Edit Startup policy..." and select the "Start and stop manually" radio button. Click "OK". or From a PowerCLI command prompt while connected to the ESXi host, run the following commands: Get-VMHost \| Get-VMHostService \| Where {$_.Label -eq "slpd"} \| Set-VMHostService -Policy Off Get-VMHost \| Get-VMHostService \| Where {$_.Label -eq "slpd"} \| Stop-VMHostService

Fix Text (F-62435r933418_fix)

From the vSphere Client go to Hosts and Clusters.

Select the ESXi Host >> Configure >> System >> Services.

Under "Services" select the "slpd" service and click the "Stop" button.

Click "Edit Startup policy..." and select the "Start and stop manually" radio button. Click "OK".

or

From a PowerCLI command prompt while connected to the ESXi host, run the following commands:

Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Set-VMHostService -Policy Off
Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Stop-VMHostService