VMware


Securing VMware Server 2 on Linux posted: Feb 6, 2009 6:58 AM

weissadam (Lurker, 1 post since Feb 6, 2009)

Hey Folks,

I just installed VMware Server 2 on a Linux host and I notice that it has opened up and is listening on a bunch of ports. Is there somewhere where I can tell VMware to only bind to localhost or can centrally control it with tcpwrapper style access controls? I'm not thrilled about having a bunch of ports open and I'd rather not screw with iptables.

Thanks in advance for any help!

--adam


Re: Securing VMware Server 2 on Linux

1. Feb 6, 2009 7:36 AM in response to: weissadam
Anrjo (Novice, 16 posts since Feb 5, 2009)

Well, one of the first things I did when looking at the VMware Server install was to see what daemons it was running. And I never really saw anything that was a cause of concern for me. Yeah, it did open up a few more ports, but all of them look to have valid reasons.

vmware-authd -- The server's auth daemon for making sure that all VMware console connections are legit.
vmware-hostd -- The server's webAccess wrapper.
vmware-natd -- The server's NAT daemon. Should not be on unless you install that functionality of course. Also it will show up multiple times in a netstat if you have opened up any ports in /etc/vmware/vmnet8/nat/nat.conf.

And for some reason the webAccess has some IPv6 ports open. I suppose those are my only real questionable ones, but if they are of any real concern to you I'd just block them all fully.

Re: Securing VMware Server 2 on Linux

2. Nov 7, 2009 12:34 PM in response to: weissadam
ihristov (Novice, 11 posts since Jul 20, 2006)

My sentiment exactly.

Of course the daemons are there for a reason, but all of them are running as root.

I am counting 7 daemons and 5 tcp ports accepting connections, where IMO only 2 should be open - 902 and 83333 (https)

  • /usr/bin/vmware-watchdog
  • /usr/lib/vmware/webAccess/java/jre1.5.0_15/bin/webAccess
  • /usr/bin/vmnet-dhcpd
  • /usr/bin/vmnet-natd
  • /usr/sbin/vmware-authdlauncher
  • /usr/lib/vmware/bin/vmware-hostd
  • /usr/lib/vmware/bin/vmware-vmx


Why does Tomcat (webAccess) have to run as root? That does not seem normal.

$ sudo netstat -natp | grep LISTEN | grep -v 127.0.0.1
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN 8862/vmware-authdla
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 6974/webAccess
tcp 0 0 0.0.0.0:8333 0.0.0.0:* LISTEN 8951/vmware-hostd
tcp 0 0 0.0.0.0:8308 0.0.0.0:* LISTEN 6974/webAccess
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5332/sshd
tcp 0 0 0.0.0.0:8221 0.0.0.0:* LISTEN 8951/vmware-hostd
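
The check discussed in this thread, as an added example that is not part of any post above: a small shell function that reads `netstat -natp` output and reports TCP listeners bound to a non-loopback address whose port is not on an allowlist. The function name, the allowlist (22, 902, 8333) and the last two sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners reachable from off-host that are not expected.

# Sample input: the first six lines are the netstat listing from the post above;
# the last two are constructed to exercise loopback and IPv6 handling.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN 8862/vmware-authdla
tcp 0 0 0.0.0.0:8009 0.0.0.0:* LISTEN 6974/webAccess
tcp 0 0 0.0.0.0:8333 0.0.0.0:* LISTEN 8951/vmware-hostd
tcp 0 0 0.0.0.0:8308 0.0.0.0:* LISTEN 6974/webAccess
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 5332/sshd
tcp 0 0 0.0.0.0:8221 0.0.0.0:* LISTEN 8951/vmware-hostd
tcp 0 0 127.0.0.1:8005 0.0.0.0:* LISTEN 6974/webAccess
tcp6 0 0 :::8308 :::* LISTEN 6974/webAccess'

# audit_listeners "<allowed ports, space separated>"   (netstat output on stdin)
# Prints "port address pid/program" for every unexpected non-loopback listener.
audit_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Header lines and non-listening sockets are skipped by this pattern.
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      local_addr = $4
      # The port is everything after the last colon (0.0.0.0:902, :::8308).
      port = local_addr
      sub(/.*:/, "", port)
      addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "::1") next   # bound to loopback only
      if (port in ok) next                        # expected service
      print port, addr, $7
    }'
}

# Stand-alone run against the sample; allowlist is an assumption for this demo.
printf '%s\n' "$SAMPLE_NETSTAT" | audit_listeners "22 902 8333"
```

On a live host the same function can be fed from the command used in the post: `sudo netstat -natp | audit_listeners "22 902 8333"`.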
