Tripwire updated their free ConfigCheck utility to assess the security and configuration of an ESX host. The previous version only supported ESX 3.5 and the updated version also checks ESX 3.0.

Tripwire ConfigCheck provides an immediate assessment of the configurations of a VMware ESX hypervisor, comparing them against VMware hardening security guidelines, which are best practice recommendations for optimal security in virtual environments, and provides remediation instructions if any are needed. With Tripwire ConfigCheck, customers gain immediate visibility into risks that might exist in their virtual environment due to misconfiguration and are advised of recommended fixes to any configuration settings that could present future risk.

Read the press release 

Download ConfigCheck

Today I stumbled upon an article of Mark Gaydos on TripWire.org. In this article he describes a conversation he had with an Industry Analyst concerning the future of Virtualization Administration. What it basically comes down to is that in a couple of years Virtualization will be commodity and all aspects will be divided to separate departments/disciplines. The department networking will be concerned with the virtual networks, the department security will be concerned with all the virtual infrastructure security and so on.

This might sound far away but I also think Read the rest of this entry »

Yesterday Tripwire released their free utility call TripWire ConfigCheck.

Together with VMWare Tripwire has developed this tool which helps to rapidly assess the security of your VMWare ESX 3.5 servers. Among other things the joint effort consists of VMWare delivering the VMWare Infrastructure 3 Security Hardening guidelines. This tool also provides the necessary steps that are needed for full remediation.

A couple of configuration parameters that are being checked are:

- Virtual network labeling
- Port Group settings
- Network isolation for VMotion and iSCSI
- NIC Mode settings / Layer 2 Security settings
- VMWare ESX Service Console security settings
- SAN resource masking and zoning

The website states that the system requirements are Windows Server 2003 + JRE 1.5 so that’s the official supported platform by TripWire. But as you can see in Gavin’s post below: Windows XP, Linux and even OS-X should work without a problem. Great work Gavin!

You can download the tool here.

Edit [10-6-2008 Matthijs] : Gavin Millard from TripWire yesterday published a “How To” concerning ConfigCheck : http://www.tripwire.org/blog/?p=38 . Kind-a-handy since there’s no official manual .