1 Reply Latest reply: Jun 5, 2013 8:08 AM by njones

Tenable VMware Best Practices Audit

njones

Synopsis:

Tenable VMware Best Practices audit

Description:

In developing the VMware vSphere Hardening Guide, several additional items were identified that provide useful information to an administrator. To capture some of that information, an additional audit file was produced with checks for items not covered by the VMware Hardening Guide. These checks provide a wider view of the environment, with an emphasis on ESXi and VM level settings.

 

If a user is looking for a direct audit against the vSphere Hardening Guide, a specific audit file for that can be found here.

 

One of the advantages of this audit is the way the checks themselves are constructed. In most cases, a check can be modified simply by adding or removing its regex and expect items, either to see a broad overview or to carefully filter the results that are returned.

 

Taking the check for allocated memory as an example (VM: vm-allocated-memory), the same basic check can be used to see a listing of the memory allocations to all virtual machines by removing or commenting out the regex and expect items.

VMware_Best_Practices.png


By adding the following:

    regex: "VM Allocated Memory : "
    not_expect: "VM Allocated Memory : (51[0-2]|50[0-9]|[1-4][0-9][0-9]|[1-9]?[0-9]) MB"

The check can now alert on any virtual machines with 512 MB or less of allocated memory and return those results.

 

VMware_Best_Practices2.png
 
This type of customization makes enforcing policies like minimum and maximum memory limits very simple.
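A threshold written as a regex is easy to get slightly wrong at the edges, so it helps to test the pattern before putting it in the audit file. The following Python sketch is an added example, not part of the Tenable audit file: it assumes that `regex` selects output lines and `not_expect` flags them, uses constructed sample output, and spells out its own pattern for the 512 MB limit.

```python
import re

# Assumed semantics, modeled on the description above: `regex` selects the
# output lines a check looks at; `not_expect` marks a selected line as failed.
REGEX = r"VM Allocated Memory : "
# This example's own spelling of "512 MB or less" (0-99, 100-499, 500-512).
NOT_EXPECT = (r"VM Allocated Memory : "
              r"(51[0-2]|50[0-9]|[1-4][0-9][0-9]|[1-9]?[0-9]) MB")

# Constructed sample output; the "<vm name> - " prefix is a made-up layout.
SAMPLE = """\
web01 - VM Allocated Memory : 256 MB
db01 - VM Allocated Memory : 8192 MB
jump01 - VM Allocated Memory : 512 MB
build01 - VM Allocated Memory : 5120 MB
web01 - VM Guest OS : CentOS
"""

def evaluate(output, regex, not_expect=None):
    """Return (selected, failed) lines for one check."""
    selected = [l for l in output.splitlines() if re.search(regex, l)]
    if not_expect is None:
        return selected, []          # no filter: plain listing of all values
    failed = [l for l in selected if re.search(not_expect, l)]
    return selected, failed

def boundary_errors(not_expect, limit, upto=20000):
    """List MB values where the pattern disagrees with 'value <= limit'."""
    wrong = []
    for mb in range(0, upto + 1):
        line = f"VM Allocated Memory : {mb} MB"
        flagged = re.search(not_expect, line) is not None
        if flagged != (mb <= limit):
            wrong.append(mb)
    return wrong

if __name__ == "__main__":
    selected, failed = evaluate(SAMPLE, REGEX, NOT_EXPECT)
    print(f"{len(selected)} lines selected, {len(failed)} flagged:")
    for line in failed:
        print("  FAIL", line)
    # An empty list means the pattern flags exactly the values <= 512.
    print("boundary mismatches:", boundary_errors(NOT_EXPECT, 512))
```

Running `boundary_errors` against any edited `not_expect` pattern shows which memory sizes it would wrongly flag or miss before the change reaches a scan.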

 

Similarly, filtering the complete list of guest operating systems as shown here is just as simple.

 

VMware_Best_Practices3.png

Filtering only for ‘Other’ or CentOS can be accomplished by adding the following regex item to the existing check.

    regex: " - (Other|CentOS)"

 

VMware_Best_Practices4.png


Alerting when a virtual machine returns an OS value of ‘Other’ only requires adding the additional not_expect item to the regex above.

    not_expect: " - Other"

 

VMware_Best_Practices5.png

By providing this level of customization, along with the additional checks beyond those included in the Hardening Guide, this Best Practices audit file would also make a great base for mapping to other standards like PCI, CIS Benchmarks or DISA STIGs.

 

VMware_Best_Practices6.png

Total Checks:

183

Files included:

Tenable_VMware_vSphere_Best_Practices.audit

Location:

Tenable Support Portal - under "Tenable Configuration Audits"