At the moment there is no security hardening guide for vSphere 5, and the vSphere Compliance Checker is also not compatible with vSphere 5. Both will eventually be updated, but until then what can you do to ensure that your hardening configuration has been applied correctly? The answer is running the VMware vSphere Security Hardening Report Check Script that was developed by William Lam. However to make it work with vSphere 5 there is a slight modification that is necessary.
The script itself can be obtained from the VMware Communities Web Site at http://communities.vmware.com/docs/DOC-11901. The site also contains usage instructions and a lot of good comments and feedback. You can execute the script from any system that has the Perl SDK installed, which includes the vSphere Management Appliance (vMA).
To get the script to work against vSphere 5 hosts A quick modification of the script is required. Update parts of the script as follows:
from: @supportedApiVer = qw(4.0.0 4.1.0);
to: @supportedApiVer = qw(4.0.0 4.1.0 5.0.0);
The output is in HTML form which compares environment configuration against the vSphere 4.x Security Hardening Guide. The vSphere 4.x hardening guide is a good starting point even on vSphere 5.0.
A big thanks to Andy Morse at Datacom New Zealand for providing this information and bringing this to my attention.
This post first appeared on the Long White Virtual Clouds blog at longwhiteclouds.com, by Michael Webster +. Copyright © 2012 – IT Solutions 2000 Ltd and Michael Webster +. All rights reserved. Not to be reproduced for commercial purposes without written permission.