The ESXi host OpenSLP service must be disabled.

Severity	Group ID	Group Title	Version	Rule ID	Date	STIG Version
medium	V-258786	SRG-OS-000480-VMM-002000	ESXI-80-000231	SV-258786r933419_rule	2023-10-11	1

Description
OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce attack surface area and following the minimum functionality principal, the OpenSLP service must be disabled unless explicitly needed and approved. Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.

Description

OpenSLP implements the Service Location Protocol to help CIM clients discover CIM servers over TCP 427. This service is not widely needed and has had vulnerabilities exposed in the past. To reduce attack surface area and following the minimum functionality principal, the OpenSLP service must be disabled unless explicitly needed and approved. Note: Disabling the OpenSLP service may affect monitoring and third-party systems that use the WBEM DTMF protocols.

ℹ️ Check
From the vSphere Client go to Hosts and Clusters. Select the ESXi Host >> Configure >> System >> Services. Under "Services", locate the "slpd" service and verify it is "Stopped" and the "Startup Policy" is set to "Start and stop manually". or From a PowerCLI command prompt while connected to the ESXi host, run the following command: Get-VMHost \| Get-VMHostService \| Where {$_.Label -eq "slpd"} If the slpd service does not have a "Policy" of "off" or is running, this is a finding.

ℹ️ Check

From the vSphere Client go to Hosts and Clusters. Select the ESXi Host >> Configure >> System >> Services. Under "Services", locate the "slpd" service and verify it is "Stopped" and the "Startup Policy" is set to "Start and stop manually". or From a PowerCLI command prompt while connected to the ESXi host, run the following command: Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} If the slpd service does not have a "Policy" of "off" or is running, this is a finding.

✔️ Fix
From the vSphere Client go to Hosts and Clusters. Select the ESXi Host >> Configure >> System >> Services. Under "Services" select the "slpd" service and click the "Stop" button. Click "Edit Startup policy..." and select the "Start and stop manually" radio button. Click "OK". or From a PowerCLI command prompt while connected to the ESXi host, run the following commands: Get-VMHost \| Get-VMHostService \| Where {$_.Label -eq "slpd"} \| Set-VMHostService -Policy Off Get-VMHost \| Get-VMHostService \| Where {$_.Label -eq "slpd"} \| Stop-VMHostService

✔️ Fix

From the vSphere Client go to Hosts and Clusters. Select the ESXi Host >> Configure >> System >> Services. Under "Services" select the "slpd" service and click the "Stop" button. Click "Edit Startup policy..." and select the "Start and stop manually" radio button. Click "OK". or From a PowerCLI command prompt while connected to the ESXi host, run the following commands: Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Set-VMHostService -Policy Off Get-VMHost | Get-VMHostService | Where {$_.Label -eq "slpd"} | Stop-VMHostService