A couple of weeks ago I blogged about the vSphere Security Hardening Guide. Just a couple of days later William “the king of Perl” Lam already produced a script that checks the Hardening Guide best practices against your environment. It produces a great HTML-based report.
While going through the COS/HOST and VM documentation, I noticed there were quite a few checks that might benefit from having a script to validate the guidelines and that was the motivation for this script. Not all sections can be validated using the vSphere APIs and will require some manual validation and I’ve separated the types of passes whether it’s a fail, pass or manual (which requires user intervention).
The script allows you to run the current existing guides as of 01/29/2010 against vCenter 4.0 hosting ESX(i) 4.0 hosts/virtual machines OR run it against an individual ESX(i) 4.0 host. The script allows you to run a subset of the checks and against different types of validation (ENTERPRISE, DMZ or SSLF). Upon completion, a report is generated including a grade for your environment.
A couple of details on the features:
- Email report
- Ability to execute a subset of the checks (COS, HOST, VCENTER, VNETWORK, VM)
- Ability to execute a specific test suite (ENTERPRISE, DMZ, SSLF)
- Detailed HTML summary report with letter grade
You can find an example report here. Great work again William, keep it up!
Doug says
I tried running this against a test ESX 4 Update 1 host, and it moaned about software version incompatibility. Assume this hasn’t been tested against/written for U1 yet?
William Lam says
Hi Doug,
This was tested against ESXi 4.0u1 hosts which should also work for classic ESX 4.0u1, unfortunately I don’t have enough capacity to deploy another to verify.
If you can paste the error you’re seeing on: http://communities.vmware.com/docs/DOC-11901 I can take a look when I get a chance.
Thanks
–William
David Beaudet says
Anything similar exist for the 4.1 version?
Piet says
And 5.0 ?