Skip navigation

Error: You don't have JavaScript enabled. This tool uses JavaScript and much of it will not work correctly without it enabled. Please turn JavaScript back on and reload this page.

3 Replies Latest reply on Nov 20, 2019 5:45 AM by Zenid

Most critical files that must be monitoring on ESXi in terms of security

Zenid Nov 14, 2019 1:12 AM

Hi all,

I mean any critical points of ESXi, any files, or directory that must be monitored to detect any suspicious activity.

i.e (files that should stay static and change only when te system is deliberately updated):

/etc/vmware/hostd/config.xml
/etc/vmware/hostd/vmInventory.xml
/etc/vmware/hostd/vmAutoStart.xml
/etc/vmware/passthru.map
/etc/vmware/esx.conf
/etc/ntp.conf
/etc/resolv.conf
/etc/ssh/sshd_config
/etc/security/access.conf
/etc/vmsyslog.conf

I'll be very grateful for any guidance. Best regards,

JP Sáez

1. Re: Most critical files that must be monitoring on ESXi in terms of security

Amin Masoudifard Nov 14, 2019 10:01 AM (in response to Zenid)

Note this point: if you encounter a modification on your mentioned files in shell / SSH access, any commands from any user will be logged in the /var/log/shell.log file. If you are interested to check any suspicious CLI activities, check each of ESXi log files with a Syslog server that can be very useful.

Please mark my comment as the Correct Answer if this solution resolved your problem
1 person found this helpful
Like Show 1 Likes(1)

Actions
2. Re: Most critical files that must be monitoring on ESXi in terms of security

scott28tt Nov 14, 2019 12:31 PM (in response to Zenid)

This page is worth a look: Security Hardening Guides - VMware Security | UK
1 person found this helpful
Like Show 1 Likes(1)

Actions
3. Re: Most critical files that must be monitoring on ESXi in terms of security

Zenid Nov 20, 2019 5:45 AM (in response to Zenid)

Thanks you both for your reply !
Like Show 0 Likes(0)

Actions

Go to original post

More Like This

Legend

Correct Answers - 10 points