Posted by
Alan Renouf
Technical Marketing
Security Hardening, words that invoke fear into any vSphere Admins life. This normally means hundreds of manual checks, days or even months of work to not only test the system for its current compliance but also the work to remediate the issues and ensure your system is secure.
The golden rule of scripting also applies here:
“If you do it more than once, script it !”
With the recent release of the Security Hardening Guide for vSphere 5.0 you may have noticed a few changes.
Firstly the guide has now been released as a Excel document, this new format makes it easier to read and also filter for the changes which are appropriate to your environment.
Secondly a lot of work has been done in the guide to make it easier to check and remediate your systems. Within the guide you will now see new columns with pre-written ESXi Shell / vCLI and also PowerCLI code to help you both test and remediate the current security hardening guide item.
An example of this is below:
With this example code you can now easily copy and paste the items into a new PowerShell editor or window and create your own customized security hardening guide script to both check and remediate the entries listed. Obviously written in this format the entries will not be optimized but they will give you an example of how to check for an item and how to remediate it.
There will still be manual checks in there but hopefully this new format and code examples will help take some of the hard work out and make this task more interesting for the Admins out there that fear the Security Hardening guide and security officers.
