Free ESX Host security analysis tool - Tripwire Config Check
Some time ago, long before I started my blog, I used an application called Tripwire Config Check on some of my employer's ESX hosts. We are primarily a Microsoft software house, so our technical experience of Linux / Unix was minimal before the introduction of ESX into our server estate. The Config Check application checks the current host configuration against the VI3 Security Hardening guidelines, reporting back any vulnerabilities.
Some of the configuration parameters being checked include:
- Virtual network labeling
- Port Group settings
- Network isolation for VMotion and iSCSI
- NIC Mode settings / Layer 2 Security settings
- VMware ESX Service Console security settings
- SAN resource masking and zoning
The results that the Tripwire Config Check returned showed that we had a number of areas that needed to be addressed with our host security configurations. The results provided a great checklist of everything that was right and wrong with our current build procedures. Some of the items that came up we would never have even considered, some of them we felt were minor and could be ignored, and others needed to be addressed immediately. I highly recommend taking a look at this free tool and running it against one of your standard host builds to see if you need to change it. Hopefully you won’t need to revisit all your hosts.
Download your free copy of Tripwire - Config Check and check out the following blog post for installation and usage instructions.
Tripwire® ConfigCheck™ is a free utility that rapidly assesses the security of VMware ESX 3.0 and 3.5 hypervisor configurations compared to the VMware Infrastructure 3 Security Hardening guidelines. Developed by Tripwire in cooperation with VMware, Tripwire ConfigCheck ensures ESX environments are properly configured—offering immediate insight into unintentional vulnerabilities in virtual environments—and provides the necessary steps towards full remediation when they are not.




