ESXi

  • 1.  ESXI execInstalledOnly

    Posted 27 days ago

    Hello,

    I changed the execInstalledOnly parameter of my ESXi host to True, but I am still able to install a non-signed VIB package on the ESXi host. Can anyone help explain how this execInstalledOnly parameter works? As per the VMware doc, it is talking about ESXi only executing binaries that originated from a valid VIB installed on the host. My ESXi version is 6.7.

    Name               Type  Configured  Runtime  Default  Description
    -----------------  ----  ----------  -------  -------  ------------------------------------------------------------------------------------------------------------------------------------------------------------
    execinstalledonly  Bool  TRUE        TRUE     FALSE 

    Non-signed package name: VeeamCiscoHXFirewall           1.0.0-0.0.1                           Veeam   CommunitySupported  2024-05-23



    ------------------------------
    Sandy
    ------------------------------


  • 2.  RE: ESXI execInstalledOnly

    Broadcom Employee
    Posted 25 days ago

    execInstalledOnly does NOT prevent you from installing an unsigned VIB; it prevents the execution or running of binaries that may have been placed on the host, whether that is via SCP or delivered through an unsigned VIB.

    If you wish to prevent unsigned VIBs from being installed and booted, you need to ensure Secure Boot https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-5D5EE0D1-2596-43D7-95C8-0B29733191D9.html



    ------------------------------
    ----
    William Lam
    https://williamlam.com/
    ------------------------------
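
An added example (not part of the thread and not any participant's code) for the distinction drawn in the reply above: it summarises captured output of `esxcli system settings kernel list -o execinstalledonly` and `esxcli software vib list`, showing that the setting can be active while a CommunitySupported VIB is still installed. The function names are hypothetical, and the sample rows are constructed except for the VeeamCiscoHXFirewall row taken from the question.

```shell
#!/bin/sh
# Added example: run the two esxcli commands on the host and feed their
# output to these functions. Samples below are constructed for offline use.

# Reads `esxcli system settings kernel list -o execinstalledonly` on stdin.
# Prints: enforced | pending (configured, not active at runtime) | off | unknown
exec_installed_only_state() {
    awk 'tolower($1) == "execinstalledonly" {
             c = toupper($3); r = toupper($4); found = 1
         }
         END {
             if (!found)           print "unknown"
             else if (r == "TRUE") print "enforced"
             else if (c == "TRUE") print "pending"
             else                  print "off"
         }'
}

# Reads `esxcli software vib list` on stdin and prints the name of every VIB
# whose acceptance level is CommunitySupported. The level is taken as the
# second-to-last field, so a vendor name containing spaces does not shift it.
community_vibs() {
    awk 'NR > 2 && NF >= 2 && $(NF-1) == "CommunitySupported" { print $1 }'
}

KERNEL_SAMPLE='Name               Type  Configured  Runtime  Default  Description
-----------------  ----  ----------  -------  -------  -----------
execinstalledonly  Bool  TRUE        TRUE     FALSE'

# Second row is a constructed placeholder, not a real VIB.
VIB_SAMPLE='Name                  Version      Vendor  Acceptance Level    Install Date
--------------------  -----------  ------  ------------------  ------------
VeeamCiscoHXFirewall  1.0.0-0.0.1  Veeam   CommunitySupported  2024-05-23
example-driver        1.0.0-1      VMW     VMwareCertified     2024-01-01'

report() {  # $1 = kernel list output, $2 = vib list output
    state=$(printf '%s\n' "$1" | exec_installed_only_state)
    vibs=$(printf '%s\n' "$2" | community_vibs | tr '\n' ' ')
    echo "execInstalledOnly: $state"
    echo "CommunitySupported VIBs installed: ${vibs:-none}"
}

report "$KERNEL_SAMPLE" "$VIB_SAMPLE"
```
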



  • 3.  RE: ESXI execInstalledOnly

    Posted 23 days ago

    I never thought you would reply, because I have visited your many articles many times. They are very nicely explained, with proper solutions. I am happy to see your reply.
    Can you please help me once more: where can I check that execInstalledOnly prevents the execution or running of unsigned binaries? Is there any log file showing that execInstalledOnly prevents the execution or running of binaries? My unsigned VeeamCiscoHXFirewall VIB is already on my host, and now I have to collect some evidence. Your answer to that question will be very useful for me.




  • 4.  RE: ESXI execInstalledOnly

    Posted 23 days ago

    Hi William,

    I never thought you would reply. I have visited your articles many times. They are very nicely explained. I am happy to see your reply.

    Can you please help me once more: where can I check that execInstalledOnly prevents the execution or running of unsigned binaries? Is there any log file showing that execInstalledOnly prevents the execution or running of binaries? My unsigned VeeamCiscoHXFirewall VIB is already on my host, and now I have to collect some evidence. Your answer to that question will be very useful for me.

    Thanks.