Yesterday Tripwire released their free utility call TripWire ConfigCheck.

Together with VMWare Tripwire has developed this tool which helps to rapidly assess the security of your VMWare ESX 3.5 servers. Among other things the joint effort consists of VMWare delivering the VMWare Infrastructure 3 Security Hardening guidelines. This tool also provides the necessary steps that are needed for full remediation.

A couple of configuration parameters that are being checked are:

- Virtual network labeling
- Port Group settings
- Network isolation for VMotion and iSCSI
- NIC Mode settings / Layer 2 Security settings
- VMWare ESX Service Console security settings
- SAN resource masking and zoning

The website states that the system requirements are Windows Server 2003 + JRE 1.5 so that’s the official supported platform by TripWire. But as you can see in Gavin’s post below: Windows XP, Linux and even OS-X should work without a problem. Great work Gavin!

You can download the tool here.

Edit [10-6-2008 Matthijs] : Gavin Millard from TripWire yesterday published a “How To” concerning ConfigCheck : http://www.tripwire.org/blog/?p=38 . Kind-a-handy since there’s no official manual :).

Related articles

• July 21, 2008 -- Tripwire ConfigCheck Now Assesses VMware ESX 3.0 Hypervisor Configurations
• December 18, 2008 -- Register for free Veeam tool!
• December 5, 2008 -- VMware ESX 3.5 and thinprovisioning
• November 26, 2008 -- Virtualize SQL Servers? VMware says you should!
• November 23, 2008 -- What bad memory can do to your virtual machines
• November 14, 2008 -- Moving ESX hosts between Datacenters
• November 7, 2008 -- VMware ESX 3.5 Update 3: update older ESX versions with tarball
• October 16, 2008 -- Always usefull : concrete comparison between ESX3 and ESX3i
• August 14, 2008 -- VMWare releases new Builds
• July 29, 2008 -- VMware Powershell script - remove connected iso

Tags: ConfigCheck, ESX, Security, Tripwire, VMware

1. Gavin Millard Says:
   June 10th, 2008 at 10:58 pm

   Sorry to correct you but ConfigCheck also runs on XP and Linux without any issues. I’ve been running it on my XP desktop since release and it works like a charm.

   Let us know how you and your readers get on with our new little tool.

   [Reply]

2. Matthijs Haverink Says:
   June 11th, 2008 at 9:33 am

   Hello Gavin,

   I stand corrected and thank you for this correction !

   I do have to say that I got this information from your download site :

   http://www.tripwire.com/configcheck/configcheckdownload.cfm

   There it literally states : “System Requirements: Windows 2003 with JRE version 1.5 or later.”

   So if XP and Linux are officially supported you might like to add that to the System Requirements statement there, because you fooled me :).

   [Reply]

3. Gavin Millard Says:
   June 11th, 2008 at 9:51 am

   Now it’s my turn to stand corrected. Looks like we’ve removed Linux and XP from the supported platforms for some reason. When the ConfigCheck website was first released it had them listed. I’ve used it on my XP, 2003, Linux and OS X machines without any issues due to it running in Java but we may have made a decision to make it easier to support by limiting the platform. I shall don my deerstalker and investigate sir.

   [Reply]

4. Gavin Millard Says:
   June 11th, 2008 at 9:26 pm

   OK so I checked with the release team. They decided to only test and release it on Windows. Sorry bout the mix up

   [Reply]

5. Matthijs Haverink Says:
   June 12th, 2008 at 9:09 am

   Hey Gavin, thanks for the update!

   Just to be clear with Windows; do you mean only Windows Server 2003 or also XP/Vista etc ;)?

   [Reply]