OSSEC Policy monitor can check if a system is in compliance with the VMware Infrastructure 3 Security Hardening guidelines for ESX 3.5. This benchmark covers the virtual machines settings for ESX 3.0 and 3.5. In addition to that, since the ESX runs on Red Hat Linux, we also perform the Center for Internet Security Benchmark for Red Hat Enterprise Linux at the same time.
For every test that failed, you will receive an alert describing which section of the benchmark that failed. For example:
OSSECSystem Audit: System Audit: VMware ESX - VM settings - Copy operation between guest and console enabled.
File: /vmfs/volumes/485a72e0-dd49e4f1-796c-001517761286/bart-RHEL5-svm/bart-RHEL5-svm.vmx.
Reference: http://www.ossec.net/wiki/index.php/SecurityHardening_VMwareESX .
The above alert says that the specified virtual machine enables copy operations between itself and the VM console.
To receive more information about each section, please visit http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf and look for guidelines on how to solve each issue reported.
The VMware Infrastructure 3 Security Hardening guidelines for ESX 3.5 is available at: http://www.vmware.com/pdf/vi3_security_hardening_wp.pdf.
# /var/ossec/bin/rootcheck_control -i local
System Audit: System Audit: VMware ESX - Testing against the Security Hardening benchmark VI3 for ESX 3.5.
File: /etc/vmware-release.
Reference: http://www.ossec.net/wiki/index.php/SecurityHardening_VMwareESX .
System Audit: System Audit: VMware ESX - VM settings - Copy operation between guest and console enabled.
File: /vmfs/volumes/485a72e0-dd49e4f1-796c-001517761286/Nostalgia/Nostalgia.vmx.
Reference: http://www.ossec.net/wiki/index.php/SecurityHardening_VMwareESX .
System Audit: System Audit: VMware ESX - VM settings - Copy operation between guest and console enabled.
File: /vmfs/volumes/485a72e0-dd49e4f1-796c-001517761286/bart-RHEL5-svm/bart-RHEL5-svm.vmx.
Reference: http://www.ossec.net/wiki/index.php/SecurityHardening_VMwareESX .
System Audit: System Audit: VMware ESX - VM settings - Data Flow from the Virtual Machine to the Datastore not limited - Rotate size not 100KB.
File: /vmfs/volumes/485a72e0-dd49e4f1-796c-001517761286/bart-RHEL5-build/bart-RHEL5-build.vmx.
Reference: http://www.ossec.net/wiki/index.php/SecurityHardening_VMwareESX .
System Audit: System Audit: VMware ESX - VM settings - Unauthorized Removal or Connection of Devices allowed.
File: /vmfs/volumes/485a72e0-dd49e4f1-796c-001517761286/Nostalgia/Nostalgia.vmx.
Reference: http://www.ossec.net/wiki/index.php/SecurityHardening_VMwareESX .
System Audit: System Audit: VMware ESX - VM settings - Avoid Denial of Service Caused by Virtual Disk Modification Operations - diskWiper enabled.
File: /vmfs/volumes/485a72e0-dd49e4f1-796c-001517761286/Nostalgia/Nostalgia.vmx.
Reference: http://www.ossec.net/wiki/index.php/SecurityHardening_VMwareESX .