Highlighted
Enthusiast
Enthusiast

Tripwire with vSphere 5.0

Our security/compliance team is looking to scan our ESXi 5.0 Hosts with Tripwire. I think earlier Tripwire builds for ESX would log directly into the Host but with the advent of ESXi, I assume that access methodology has changed. I'm trying to minimize access to vCenter (or ESXi Hosts) to exactly what is needed for Tripwire. The compliance guys don't really know. I'll probvably set something up with the vendor but, I wanted to check here first. Does anyone here utilize tripwire and familiar with the specific requirements for functionality?

0 Kudos
3 Replies
Highlighted
Enthusiast
Enthusiast

Their had been a known issue with VMware where :

After running a security hardening tool  "Tripwire configcheck" /etc/pam.d/su is inadvertently gets modified with uncommented lines as below which causes the issue :

#auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
#auth       required     /lib/security/$ISA/pam_wheel.so use_uid

To resolve this issue, edit /etc/pam.d/su so that the lines above appear as:


# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth       sufficient   /lib/security/$ISA/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required     /lib/security/$ISA/pam_wheel.so use_uid

If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful.
0 Kudos
Highlighted
Enthusiast
Enthusiast

I appreciate the information but my question is more general than that. I was wanting to hear from anyone who happened to have experience deploying Tripwire in a VMWare virtual environment but specifically about the authentication requirements. I prefer to avoid providing direct Host level access to any tools. With ESXi many vendors have shifted from direct Host access to vCenter access. I'm wondering if Tripwire is the same and looking for the minimum permissions for Tripwire to scan ESXi 5.0 or 5.5. I'll be contacting the vendor but just posting here to see if anyone was fmailiar with the tool.

0 Kudos
Highlighted
Contributor
Contributor

The Tripwire Customer Center (https://tripwireinc.force.com/customers/home/home.jsp) has some articles that ought to be helpful for you.  Look up "Adding and configuring the VMware VirtualCenter node" or "VMWare Virtual Center Nodes", or just search on "ESXi 5". There are one-page docs that can give you port and connection requirements.

0 Kudos