Security Audit – Syslog Collector

Centralized logging can be done by deploying a syslog server and using it to collect and manage logs. An easy option is to install the syslog server bundled with the vCenter installation. In this post I’ll walk through configuration on a Windows box, and discuss some of the caveats of this approach. This install …

Security Audit – ESXi log retention

Hypervisor Retention of Logs on Disk: Logs are not saved according to a period of time, but according to size, so once the log gets to X size a number is appended and a new log is created. The number of logs saved is the rotation – 16 rotation = 16 logs saved. For hypervisor logs …

security audit survival guide

The main point of a security audit is not to try and strangle the auditor; he is just doing his job, although you might think he is there to make your life impossible. I have put together a collection of posts, so you need not fear the dreaded visit of the men in dark suits… …

Security Audit – Set time source

For logging to be valid, a time source (NTP server) should be set on each host. To configure or change the setting, see the post Reconfigure NTP Servers by esx cluster, as this will save you heaps of time…:-) This configuration can then be validated through PowerCLI or vCenter: Get-VMHost <hostname> | Select Name, …

Security Audit – Set and validate lock down mode for multiple hosts

It seems like the audit community has understood lockdown mode and is typically requesting that it is applied. By enabling lockdown mode, no users other than vpxuser have authentication permissions, nor can they perform operations against the host directly. Lockdown mode forces all operations to be performed through vCenter Server. Though be warned if you …

Security Audit – Set ssh timeouts

Security auditors will consider SSH access a vulnerability. This can be mitigated by setting timeout values and linking the starting of the service to a vCenter user. When an SSH session is needed, the service will have to be started from vCenter or the DCUI. (In the case of DCUI access, either physical controls to the data …

Security Audit – esxi logon

How are you going to control logon to the ESXi hosts? One solution is to add hosts to the domain, and then use Active Directory nominal accounts and group assignments to access the ESXi servers. The advantage of this is that account creation, permissions and policies are set in the domain and will be covered by the …