Automation

 View Only
  • 1.  Script required for ESXi server hardening

    Posted Jun 18, 2015 06:56 AM

    Hi Team,

    Need to implement the hardening settings mentioned in the attached file in a production environment. Please do let me know if there is any script available to implement and verify the hardening settings on the ESXi servers (as per the attached file). There are 200+ ESXi servers and it would be very difficult to apply all the settings manually.

    Please consider this as an urgent requirement and provide an update.Thank you

    Regards,

    Krishna



  • 2.  RE: Script required for ESXi server hardening

    Posted Jun 18, 2015 07:09 AM

    PowerCLI is a good option to automate your stuffs with more number of lines. But I would suggest you to use "Host Profiles". Refer: http://www.vmware.com/files/pdf/techpaper/VMW-Host-Profiles-Tech-Overview.pdf

    Set all the security settings on one server manually. Create a host profile and apply it to all of them. You can have a better management also.



  • 3.  RE: Script required for ESXi server hardening

    Posted Jun 18, 2015 07:26 AM

    Are you claiming that a Host Profile will capture all the rules mentioned in the Security Guidelines, and apply them on a target ESXi node ?



  • 4.  RE: Script required for ESXi server hardening

    Posted Jun 18, 2015 08:03 AM

    Host profile wont capture all the rules mentioned. But it will dramatically reduce the time to apply changes made in "Advanced Configuration options", users, groups and others. Also it will give compliance view to ensure the hosts are configured as specified in profile.

    Writing code for all the 109 settings mentioned in the guidelines, is time consuming and hard to arrange scripts. Only "Guru" like you can do it.



  • 5.  RE: Script required for ESXi server hardening

    Posted Jun 18, 2015 10:08 AM

    The advantage of scripting this, albeit complex, would be that you only have to do it once, and it can be easily shared.

    Now this would be a great community project (vCheck style) :smileycool:



  • 6.  RE: Script required for ESXi server hardening

    Posted Jun 30, 2015 04:21 AM

    Completely agree with you. I know that you are extremely good at scripting.

    It would be of great help if you can provide a script to apply all the ESXi hardening settings mentioned in the excel sheet (shared earlier).



  • 7.  RE: Script required for ESXi server hardening

    Posted Oct 16, 2015 01:12 PM

    My company has remediation scripts for hardening ESXi boxes.  We worked closely with VMware on the creation of the the Hardening guides.

    check out Homepage | Benchmarks | Center for Internet Security

    hope this helps

    we also have remediation content for windows and linux operating systems as well as others.