VMware Cloud Community
KDAS
Contributor
Contributor
‎06-17-2015 11:55 PM

Script required for ESXi server hardening

Hi Team,

Need to implement the hardening settings mentioned in the attached file in a production environment. Please do let me know if there is any script available to implement and verify the hardening settings on the ESXi servers (as per the attached file). There are 200+ ESXi servers and it would be very difficult to apply all the settings manually.

Please consider this as an urgent requirement and provide an update.Thank you

Regards,

Krishna

Preview file
40 KB
Reply
0 Kudos
6 Replies
GaneshNetworks
Expert
Expert
‎06-18-2015 12:09 AM

PowerCLI is a good option to automate your stuffs with more number of lines. But I would suggest you to use "Host Profiles". Refer: http://www.vmware.com/files/pdf/techpaper/VMW-Host-Profiles-Tech-Overview.pdf

Set all the security settings on one server manually. Create a host profile and apply it to all of them. You can have a better management also.

~GaneshNetworks™~ If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".
Reply
0 Kudos
LucD
Leadership
Leadership
‎06-18-2015 12:26 AM

Are you claiming that a Host Profile will capture all the rules mentioned in the Security Guidelines, and apply them on a target ESXi node ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
GaneshNetworks
Expert
Expert
‎06-18-2015 01:03 AM

Host profile wont capture all the rules mentioned. But it will dramatically reduce the time to apply changes made in "Advanced Configuration options", users, groups and others. Also it will give compliance view to ensure the hosts are configured as specified in profile.

Writing code for all the 109 settings mentioned in the guidelines, is time consuming and hard to arrange scripts. Only "Guru" like you can do it.

~GaneshNetworks™~ If you found this or other information useful, please consider awarding points for "Correct" or "Helpful".
Reply
0 Kudos
LucD
Leadership
Leadership
‎06-18-2015 03:08 AM

The advantage of scripting this, albeit complex, would be that you only have to do it once, and it can be easily shared.

Now this would be a great community project (vCheck style) :smileycool:


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
KDAS
Contributor
Contributor
‎06-29-2015 09:20 PM

Completely agree with you. I know that you are extremely good at scripting.

It would be of great help if you can provide a script to apply all the ESXi hardening settings mentioned in the excel sheet (shared earlier).

Reply
0 Kudos
rakoskjc
Contributor
Contributor
‎10-16-2015 06:12 AM

My company has remediation scripts for hardening ESXi boxes.  We worked closely with VMware on the creation of the the Hardening guides.

check out Homepage | Benchmarks | Center for Internet Security

hope this helps

we also have remediation content for windows and linux operating systems as well as others.

Reply
0 Kudos