VMware Cloud Community
jamcm
Contributor

Security lockdown for ESX 3.5

Does anyone have a script or a standard to lockdown ESX 3.5?

7 Replies
vmroyale
Immortal

Hello. Have you checked out ConfigCheck by Tripwire?

Good Luck!

Brian Atkinson | vExpert | VMTN Moderator | Author of "VCP5-DCV VMware Certified Professional-Data Center Virtualization on vSphere 5.5 Study Guide: VCP-550" | @vmroyale | http://vmroyale.com
gary1012
Expert

CIS Benchmark

DISA STIG for VMware

VMware Communities DISA STIG SRR Script

VMware Security Hardening Guide

Community Supported, Community Rewarded - Please consider marking questions answered and awarding points to the correct post. It helps us all.
Texiwill
Leadership

Hello,

Do you know to which standard you will be held? There are 3 basic standards/guidelines/benchmarks that gary1012 has mentioned. There are several tools to test against these standards. Once you know to what standard you will be held, you will then have a way of measuring your hardening.

There are a few scripts hanging around. DISA SRR will go a long way but is geared towards DISA so you may have to make other modifications to meet the others.


Best regards,
Edward L. Haletky
VMware Communities User Moderator, VMware vExpert 2009
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs -- Top Virtualization Security Links -- Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
jamcm
Contributor

We are going to be measured on CIS

Texiwill
Leadership

Hello,

CISecurity has automated tools for measuring the lock down according to the CIS Linux Benchmark, and that tool has many false positives within it, so it's not very useful. Not only that, it does not specifically apply to ESX. However, I did make a script that you can follow that should get you quite close to being secure. The script is, however, in the book I wrote (one of the Appendices). It was based off CISecurity Linux and Bastille Linux, as no 'standard' was out at the time of writing. If you start there you can then add in the CISecurity ESX specific items. There are not many.


Best regards,
Edward L. Haletky
jamcm
Contributor

Hi,

Yes, I have a copy of the book. Will these scripts work in ESX 3.5? Is there an electronic copy I can use?

Thanks for your help!

Texiwill
Leadership

Hello,

> Yes I have a copy of the book. Will these scripts work in ESX 3.5?

They should, with some slight modifications; everything is pretty close. I have ported my script to 3.5 with minor changes to the commands used.

Be sure to test on a dev system and if you have questions about the script send me a PM.

> Is there an electronic copy I can use?

There are eBook versions that can be purchased or you can access it via Safari. I unfortunately am not in control of what the editors allow released. :}


Best regards,
Edward L. Haletky