Hi Team,
Need to implement the hardening settings mentioned in the attached file in a production environment. Please do let me know if there is any script available to implement and verify the hardening settings on the ESXi servers (as per the attached file). There are 200+ ESXi servers and it would be very difficult to apply all the settings manually.
Please consider this as an urgent requirement and provide an update.Thank you
Regards,
Krishna
PowerCLI is a good option to automate your stuffs with more number of lines. But I would suggest you to use "Host Profiles". Refer: http://www.vmware.com/files/pdf/techpaper/VMW-Host-Profiles-Tech-Overview.pdf
Set all the security settings on one server manually. Create a host profile and apply it to all of them. You can have a better management also.
Are you claiming that a Host Profile will capture all the rules mentioned in the Security Guidelines, and apply them on a target ESXi node ?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Host profile wont capture all the rules mentioned. But it will dramatically reduce the time to apply changes made in "Advanced Configuration options", users, groups and others. Also it will give compliance view to ensure the hosts are configured as specified in profile.
Writing code for all the 109 settings mentioned in the guidelines, is time consuming and hard to arrange scripts. Only "Guru" like you can do it.
The advantage of scripting this, albeit complex, would be that you only have to do it once, and it can be easily shared.
Now this would be a great community project (vCheck style) :smileycool:
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Completely agree with you. I know that you are extremely good at scripting.
It would be of great help if you can provide a script to apply all the ESXi hardening settings mentioned in the excel sheet (shared earlier).
My company has remediation scripts for hardening ESXi boxes. We worked closely with VMware on the creation of the the Hardening guides.
check out Homepage | Benchmarks | Center for Internet Security
hope this helps
we also have remediation content for windows and linux operating systems as well as others.