vSphere Hardening Guide Compliance Scripts
Based on VMware's Hardening Guide and CIS Benchmarks
All VMware Hardening Guides are homed at http://www.vmware.com/security/hardening-guides.html
CIS Benchmarks are homed here: https://www.cisecurity.org/cis-benchmarks/
These scripts were used in SANS SEC579 (now retired): https://www.sans.org/course/virtualization-private-cloud-security
Scripts:
- audit-esxi.ps1 - Audit ESXi specific checks
- audit-vnetwork.ps1 - Audit network specific checks
- audit-vms.ps1 - Audit all VMs
- audit-vc.ps1 - Audit vCenter
For usage:
- Open VMware PowerCLI
- Run the desired script with the target ESXi or vCenter host as the single argument
- Targeting a vCenter host will cover all attached ESXi hosts and VMs
Requirements:
- PowerShell version 4 or better is recommended ($PSVersionTable.PSVersion)
- PowerCLI version 5.5 release 1 or newer (Get-PowerCLIVersion)
- NMAP is required for some audit tests - install the latest version of nmap from https://nmap.org/download.html
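A pre-flight check for the requirements above, run from the PowerCLI prompt before starting an audit. This is an added example, not one of the project's scripts: the function name Test-AuditPrereqs and the host name in the final comment are hypothetical, and it assumes nmap is found through PATH.

```powershell
# Added example (not part of the project): verify the listed requirements.
function Test-AuditPrereqs {
    $ok = $true

    # PowerShell 4 or better is recommended, so warn rather than fail.
    if ($PSVersionTable.PSVersion.Major -lt 4) {
        Write-Warning "PowerShell $($PSVersionTable.PSVersion) found; 4 or better is recommended."
    }

    # PowerCLI 5.5 release 1 or newer. Snap-in based installs expose
    # Get-PowerCLIVersion; module based installs are located with Get-Module.
    $cliVersion = $null
    if (Get-Command Get-PowerCLIVersion -ErrorAction SilentlyContinue) {
        $v = Get-PowerCLIVersion -WarningAction SilentlyContinue
        $cliVersion = New-Object System.Version($v.Major, $v.Minor)
    } else {
        $m = Get-Module -ListAvailable -Name VMware.PowerCLI, VMware.VimAutomation.Core |
            Sort-Object Version -Descending | Select-Object -First 1
        if ($m) { $cliVersion = $m.Version }
    }
    if (-not $cliVersion) {
        Write-Warning "PowerCLI not found; run this from the VMware PowerCLI prompt."
        $ok = $false
    } elseif ($cliVersion -lt [version]'5.5') {
        Write-Warning "PowerCLI $cliVersion found; 5.5 release 1 or newer is required."
        $ok = $false
    }

    # nmap is only needed for some audit tests, so its absence is a warning.
    # Assumption: nmap is resolved through PATH.
    if (-not (Get-Command nmap -ErrorAction SilentlyContinue)) {
        Write-Warning "nmap not found in PATH; the audit tests that need it will not work."
    }

    return $ok
}

# Run an audit only when the hard requirement is met. Replace the
# placeholder with the target ESXi or vCenter host (the single argument).
# if (Test-AuditPrereqs) { & .\audit-vc.ps1 '<vcenter-or-esxi-host>' }
```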
The vCenter audit script is optimized for Windows installs, but will still run fine against the Appliance version of VC
Check back often for updates - there's lots coming!
Enjoy!