Friday, September 12, 2008

ESX STIG Script

Just to let everyone know, we posted a new version (1.3) of the ESX_SRRSecure.sh script on the VMTN.
ESX_SRRSecure - Script to allow ESX to pass a DISA Security Readiness Review

For now you still have to edit the file and search for 192.168.10. and replace it with your network id.

Version 1.4 will come soon.

4 comments:

  1. Phil, you mentioned in the VMTN forum that you "have built custom install CDs in which this script is run automatically in the %post section." I am trying to do something similar by incorporating it in my kickstart file. I'm not that familiar with bash, but it looked as though I could run the script silently providing a password hash. Here is what I have:

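    lwp-download http://192.168.1.102/ESX_SRRSecure.ver1.3.sh /tmp/ESX_SRRSecure.ver1.3.sh
    chmod +x /tmp/ESX_SRRSecure.ver1.3.sh
    # Single-quote the hash so the shell does not expand $1, $I2FyAXFF, ... as variables
    /tmp/ESX_SRRSecure.ver1.3.sh -s -h '$1$I2FyAXFF$SyoooKYopRRmQdgSv3kQp0' -r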

    Do I know if I am doing this right? Thanks for all the help, Craig

  2. There is a newer version of the script which has command line switches for adding the password and such so it is completely automated. We have not released this to the public yet because it has not been regression tested with the new findings that were added between the last published version and this unreleased version.

  3. Thank you for your ESX STIG script; it gives us a great starting point. Still looking forward to v1.4...

  4. There are other projects in the works right now since vSphere is out. Probably won't see anything new for a while, but we are still working on improvements. For now this script does 90% of the manual changes needed to get past the security review (not counting the manual review items)...

    Thanks for the feedback though. Glad others are finding it useful.
