Archive for June 4th, 2008
ESX Security Hardening Tool
In lieu of run-virtual.com’s posting this morning, there is a free compact tool from Tripwire called configcheck for verifying the security and compliancy of an ESX server according to VMware’s best practice. It is designed to check configuration parameters of and relating to the following:
- Virtual network labeling
- Port Group settings
- Network isolation for VMotion and iSCSI
- NIC Mode settings/Layer 2 Security settings
- MAC address parameters
- VMware ESX Service Console security settings
- SAN resource masking and zoning
- Disk partitioning for Root File System
- VirtualCenter database configuration
- Configuration changes
This was a tool jointly developed with VMware, so expect it to be thorough and updated according to future versions. Below are links for a remediation guide for step by step instructions to correct any failures as well as VMware’s own security hardening documentation.
TripWire Remediation Guide
VMware Infrastructure 3 Security Hardening
