Hi All,
Due to the security issue, I need to harden the ESXi 4.1 update 1 server.
One of the items requires changing the folder permission for /var/log/vmware (the command is "chmod -R go-rwx /var/log/vmware/"), and the change is successful.
However, after rebooting the ESXi server, the /var/log/vmware folder permission is changed back to normal (drwxr-xr-x).
Does anyone have an idea about this? Is it OK to change the permission, and is it without side effects?
Thanks so much.
I do not think changing permissions on system directories within ESXi 4.1 would be a supported configuration.
Would you consider simply using Lockdown mode instead to harden your ESXi box?
See:
http://blogs.vmware.com/esxi/2010/09/the-new-lockdown-mode-in-esxi-41.html
Regards,
Paul
Note that ESXi works on RAM... so permission changes will be changed back to the default on the next reboot.
Andre
For ESXi the files that survive a restart are the files located under /etc that are flagged as 'sticky'.
These files are backed up every hour.
You could do a hack and add the permission change commands to /etc/rc.local; this will run the command after the init scripts have completed when the ESXi host boots.
But I wouldn't recommend this approach.
Nick.
Thanks all.
Since our environment does not have vCenter, lockdown mode cannot be enabled.
Is there any document or article related to this issue stating that this kind of change is not recommended?