vCenter

 View Only
  • 1.  Why virtual machine hardening parameters are not define for vms

    Posted Dec 04, 2022 08:36 PM

    As you know there are some parameters for vsphere7 Hardening for virtual machines such as follow :

    isolation.tools.copy.disable

    isolation.tools.paste.disable

    isolation.tools.diskShrink.disable

    isolation.tools.diskWiper.disable

    But There are not any of above parameters on my vms . What should I do ?

    Do I have to insert them manually on all of VM ?



  • 2.  RE: Why virtual machine hardening parameters are not define for vms

    Posted Dec 04, 2022 09:00 PM

    yes exactly. you should enter them manually. via Edit Settings

    maksym007_0-1670187566706.jpeg



  • 3.  RE: Why virtual machine hardening parameters are not define for vms

    Posted Dec 04, 2022 09:28 PM

    That is so strange in security configuration guide just mentioned edit these parameters not saying about add parameters as new configuration



  • 4.  RE: Why virtual machine hardening parameters are not define for vms

    Posted Dec 04, 2022 09:39 PM

    You should find these parameters first if they are there and in case of need to edit them.

    When they are not listed there you should add them and adjust accordingly your needs



  • 5.  RE: Why virtual machine hardening parameters are not define for vms

    Broadcom Employee
    Posted Dec 04, 2022 09:42 PM

    I wonder if these parameters are saved as part of a template configuration?

    I also wonder if you can apply them to an existing VM estate with something like PowerCLI?



  • 6.  RE: Why virtual machine hardening parameters are not define for vms

    Posted Dec 04, 2022 09:56 PM

    Yes . We n add these parameters but want to know Does it recommend ? For example when we don't have :

    vm-7.disable-console-copy
    vm-7.disable-console-paste

    so we cannot do copy -paste between system and console so why should ass this parameter and change its value to True ?



  • 7.  RE: Why virtual machine hardening parameters are not define for vms

    Posted Dec 04, 2022 11:12 PM

    I believe if the parameters are not defined for a VM, then the default behaviour is the most secure one.

    So your audit should be to see if the key is specified in the advanced settings for the VM, and if it is then checks the value with the Key is the value required for hardening the VM.

    Alternatively, remove the advanced setting altogether.