Virtualfuture.info

Tripwire updated their free ConfigCheck utility to assess the security and configuration of an ESX host. The previous version only supported ESX 3.5 and the updated version also checks ESX 3.0.

Tripwire ConfigCheck provides an immediate assessment of the configurations of a VMware ESX hypervisor, comparing them against VMware hardening security guidelines, which are best practice recommendations for optimal security in virtual environments, and provides remediation instructions if any are needed. With Tripwire ConfigCheck, customers gain immediate visibility into risks that might exist in their virtual environment due to misconfiguration and are advised of recommended fixes to any configuration settings that could present future risk.

Read the press release 

Download ConfigCheck

Yesterday Tripwire released their free utility call TripWire ConfigCheck.

Together with VMWare Tripwire has developed this tool which helps to rapidly assess the security of your VMWare ESX 3.5 servers. Among other things the joint effort consists of VMWare delivering the VMWare Infrastructure 3 Security Hardening guidelines. This tool also provides the necessary steps that are needed for full remediation.

A couple of configuration parameters that are being checked are:

- Virtual network labeling
- Port Group settings
- Network isolation for VMotion and iSCSI
- NIC Mode settings / Layer 2 Security settings
- VMWare ESX Service Console security settings
- SAN resource masking and zoning

The website states that the system requirements are Windows Server 2003 + JRE 1.5 so that’s the official supported platform by TripWire. But as you can see in Gavin’s post below: Windows XP, Linux and even OS-X should work without a problem. Great work Gavin!

You can download the tool here.

Edit [10-6-2008 Matthijs] : Gavin Millard from TripWire yesterday published a “How To” concerning ConfigCheck : http://www.tripwire.org/blog/?p=38 . Kind-a-handy since there’s no official manual :).