Virtual machines (VMs) must remove unneeded parallel devices.
Severity | Group ID | Group Title | Version | Rule ID | Date | STIG Version |
|---|---|---|---|---|---|---|
| medium | V-258724 | SRG-OS-000480-VMM-002000 | VMCH-80-000211 | SV-258724r959010_rule | 2024-07-11 | 2 |
| Description |
|---|
| Ensure no device is connected to a virtual machine if it is not required. For example, floppy, serial, and parallel ports are rarely used for virtual machines in a data center environment, and CD/DVD drives are usually connected only temporarily during software installation. |
| ℹ️ Check |
|---|
| Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI. From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following command: Get-VM | Where {$_.ExtensionData.Config.Hardware.Device.DeviceInfo.Label -match "parallel"} If a virtual machine has a parallel device present, this is a finding. |
| ✔️ Fix |
|---|
| Parallel devices are no longer visible through the vSphere Client and must be done via the Application Programming Interface (API) or PowerCLI. The VM must be powered off to remove a parallel device. From a PowerCLI command prompt while connected to the ESXi host or vCenter server, run the following commands: $pport = (Get-VM -Name <vmname>).ExtensionData.Config.Hardware.Device | Where {$_.DeviceInfo.Label -match "Parallel"} $spec = New-Object VMware.Vim.VirtualMachineConfigSpec $spec.DeviceChange += New-Object VMware.Vim.VirtualDeviceConfigSpec $spec.DeviceChange[-1].device = $pport $spec.DeviceChange[-1].operation = "remove" (Get-VM -Name <vmname>).ExtensionData.ReconfigVM($spec) |