VMware Cloud Community
Zenid
Contributor

Most critical files that must be monitored on ESXi in terms of security

Hi all,

I mean any critical points of ESXi, any files, or directory that must be monitored to detect any suspicious activity.

i.e. (files that should stay static and change only when the system is deliberately updated):

  • /etc/vmware/hostd/config.xml
  • /etc/vmware/hostd/vmInventory.xml
  • /etc/vmware/hostd/vmAutoStart.xml
  • /etc/vmware/passthru.map
  • /etc/vmware/esx.conf
  • /etc/ntp.conf
  • /etc/resolv.conf
  • /etc/ssh/sshd_config
  • /etc/security/access.conf
  • /etc/vmsyslog.conf

I'll be very grateful for any guidance. Best regards,

JP Sáez
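As an added example (not from this thread or from VMware), here is a small POSIX sh baseline-and-compare script over the files listed above. It assumes `sha256sum` is available in the ESXi shell (substitute `sha1sum` or `md5sum` if your release's BusyBox lacks it) and uses a datastore path as a placeholder for where the baseline is kept; refresh the baseline only right after a deliberate update.

```shell
#!/bin/sh
# Baseline-and-compare integrity check for the ESXi files listed in the post.
# Assumptions: POSIX sh, sha256sum on PATH, baseline kept on persistent storage
# (the path below is a placeholder; /tmp on ESXi is a ramdisk and is lost on reboot).
BASELINE="${FIM_BASELINE:-/vmfs/volumes/datastore1/fim.baseline}"

# Files that should only change on a deliberate update (list from the post).
WATCH_LIST="/etc/vmware/hostd/config.xml
/etc/vmware/hostd/vmInventory.xml
/etc/vmware/hostd/vmAutoStart.xml
/etc/vmware/passthru.map
/etc/vmware/esx.conf
/etc/ntp.conf
/etc/resolv.conf
/etc/ssh/sshd_config
/etc/security/access.conf
/etc/vmsyslog.conf"

# fim_baseline <listfile> <baselinefile>: record "hash  path" per line;
# files absent at baseline time are recorded with "-" as their hash.
fim_baseline() {
  : > "$2"
  while IFS= read -r f; do
    [ -n "$f" ] || continue
    if [ -f "$f" ]; then
      sha256sum "$f" >> "$2"
    else
      printf -- '-  %s\n' "$f" >> "$2"
    fi
  done < "$1"
}

# fim_check <baselinefile>: print MISSING/CHANGED lines; return 1 if any differ.
fim_check() {
  _rc=0
  while read -r old path; do
    [ -n "$path" ] || continue
    if [ ! -f "$path" ]; then
      [ "$old" = "-" ] && continue      # absent then, absent now: no change
      echo "MISSING  $path"; _rc=1; continue
    fi
    new=$(sha256sum "$path" | cut -d' ' -f1)
    [ "$new" = "$old" ] || { echo "CHANGED  $path"; _rc=1; }
  done < "$1"
  return $_rc
}

# Usage: ./fim.sh baseline   (after a deliberate update)
#        ./fim.sh check      (from cron or a remote runner; alert on non-zero exit)
case "${1:-}" in
  baseline) printf '%s\n' "$WATCH_LIST" > /tmp/fim.list; fim_baseline /tmp/fim.list "$BASELINE" ;;
  check)    fim_check "$BASELINE" ;;
esac
```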

3 Replies
NathanosBlightc
Commander

Note this point: if you encounter a modification of the files you mentioned via shell / SSH access, any commands from any user will be logged in the /var/log/shell.log file. If you are interested in checking for any suspicious CLI activities, reviewing each of the ESXi log files with a Syslog server can be very useful.

Please mark my comment as the Correct Answer if this solution resolved your problem
scott28tt
VMware Employee

This page is worth a look: Security Hardening Guides - VMware Security | UK


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (i.e. not in any official capacity)
VMware Training & Certification blog
Zenid
Contributor

Thank you both for your replies!
