I/O Filter services - what are they used for?

mkaetm · ‎01-17-2022

Hello,

I found three iofilterd* services on one of our ESXi servers, whereas 2 of them are running and the third on is stopped:

[ladmin@atenteisesxv08:~] chkconfig --list | grep iofilter*
iofilterd-spm on
iofilterd-vmwarevmcrypt on
iofiltervpd off

What are they used for?

Our security scanner (Qualys Cloud Agent) found also vulnerabilities related to weak TLS ciphers and to iofilter services:

CIPHER KEY-EXCHANGE AUTHENTICATION MAC ENCRYPTION(KEY-STRENGTH) GRADE TLSv1.2 WITH 64-BIT CBC CIPHERS IS SUPPORTED DES-CBC3-SHA RSA RSA SHA1 3DES(168) MEDIUM ECDHE-RSA-DES-CBC3-SHA ECDH RSA SHA1 3DES(168) MEDIUM
Port:	9080/tcp

Any help would be appreciated. Thanks.

rkabelich · ‎01-17-2022

Hi,

there is a port reference at

https://kb.vmware.com/s/article/2131180

Maybe this helps a little bit.

Ron

depping · ‎01-17-2022

they are used for features like for instance VM Encryption, Storage IO Control, some third party solutions like "flash caching" or "replication".

mkaetm · ‎01-17-2022

Ok - It is getting clearer for me now.

Then we cannot just disable them, because we're using VM encryption.

Is there any other way to disable weak ciphers or do we have to wait for a patch?

depping · ‎01-17-2022

there's some info here about it, I never tried this myself though:

https://kb.vmware.com/s/article/79476

mkaetm · ‎01-17-2022

I have seen this KB article, but I will raise a support ticket.

depping · ‎01-17-2022

Probably smart indeed.

mpopielas · ‎02-09-2022

Hi, I'm facing the same issue.

I dig a little about this topic but haven't tried to disable RSA ciphers or totally shutdown that service yet.

I wonder if this is safe for vmware vcenter infrastructure ( we don't use encryption but there is something about storage IO - and we have connected arrays to that infrastructure )?

Any Idea if this will be fixed in upcoming update?

Is there raised support ticket?

All

I/O Filter services - what are they used for?

-