Rule ID
SV-256435r959010_rule
Version
V1R4
CCIs
CCI-000366
OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce attack surface area and following the minimum functionality principal, the OpenSLP service must be disabled unless explicitly needed and approved. Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.
From the vSphere Client go to Hosts and Clusters.
Select the ESXi Host >> Configure >> System >> Services.
Locate the "slpd" service and verify that the "Daemon" is "Stopped" and the "Startup Policy" is set to "Start and stop manually".
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"}
If the slpd service does not have a "Policy" of "off" or is running, this is a finding.From the vSphere Client go to Hosts and Clusters.
Select the ESXi Host >> Configure >> System >> Services.
Select the "slpd" service. If the service is started, click "Stop".
Click "Edit Startup Policy...". Select "Start and stop manually". Click "OK".
or
From a PowerCLI command prompt while connected to the ESXi host, run the following command:
Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Set-VMHostService -Policy Off
Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Stop-VMHostService