Comments on: Script to allow ESX to pass a DISA Security Readiness Review http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/ A home for all things TechnoGeeky Thu, 04 Feb 2010 07:43:52 +0000 http://wordpress.org/?v=abc hourly 1 By: Philip Morrison http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/comment-page-1/#comment-205 Philip Morrison Thu, 21 Aug 2008 22:35:21 +0000 http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/#comment-205 I think I answered this in the VMTN but in case I didnt (ive been on a bunch of planes lately)... /var/log/ESX_SRRSecure.timestamp should have the output of the results. I think I answered this in the VMTN but in case I didnt (ive been on a bunch of planes lately)…
/var/log/ESX_SRRSecure.timestamp should have the output of the results.

]]> By: BacMan http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/comment-page-1/#comment-204 BacMan Thu, 21 Aug 2008 04:58:23 +0000 http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/#comment-204 Thanks Philip. Also, for the ESX script, is there a way to output the result to a log file for later review. As I have noticed when I ran the script it has some errors but it went by too fast. Or, is there a way to pause the script at certain point to see what is going on? I am new to UNXIX and shell scripting. Thanks again for your help and much appreciated. Cheers, Thanks Philip.

Also, for the ESX script, is there a way to output the result to a log file for later review. As I have noticed when I ran the script it has some errors but it went by too fast. Or, is there a way to pause the script at certain point to see what is going on?

I am new to UNXIX and shell scripting. Thanks again for your help and much appreciated.

Cheers,

]]> By: Philip Morrison http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/comment-page-1/#comment-203 Philip Morrison Wed, 20 Aug 2008 22:43:24 +0000 http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/#comment-203 when you run the SRR it creates a folder that is the same as the FQDN of the server you ran it on. IF you told the SRR to only report open findings you should find a file there that should be the name-of-the-server.open It should have all the open findings in txt format. when you run the SRR it creates a folder that is the same as the FQDN of the server you ran it on. IF you told the SRR to only report open findings you should find a file there that should be the name-of-the-server.open It should have all the open findings in txt format.

]]> By: BacMan http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/comment-page-1/#comment-202 BacMan Wed, 20 Aug 2008 01:30:54 +0000 http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/#comment-202 Thanks Philip. As a note,the doc above mentioned that you run the SRR and allowed the ESX server rebooted. Then, re-run the SRR script again and compare the result. Where the results are save as? TIA Thanks Philip.

As a note,the doc above mentioned that you run the SRR and allowed the ESX server rebooted. Then, re-run the SRR script again and compare the result. Where the results are save as?

TIA

]]> By: Philip Morrison http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/comment-page-1/#comment-199 Philip Morrison Thu, 07 Aug 2008 00:01:46 +0000 http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/#comment-199 There is a way to do this from the command line. vimsh -n -e /hostsvc/maintenance_mode_exit This was going to be in the script but we decided not to do so since it could impact production environments. There is a way to do this from the command line.
vimsh -n -e /hostsvc/maintenance_mode_exit

This was going to be in the script but we decided not to do so since it could impact production environments.

]]> By: BacMan http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/comment-page-1/#comment-198 BacMan Wed, 06 Aug 2008 23:04:06 +0000 http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/#comment-198 In ESX SRR prerequisites that the ESX server need to be in the "maintenance mode". Do you know how to do this from the console? I guessed I can use VC to put the ESX server in the maintenance mode. But, just want to know if I can do it from CLI. Thanks. In ESX SRR prerequisites that the ESX server need to be in the “maintenance mode”. Do you know how to do this from the console?

I guessed I can use VC to put the ESX server in the maintenance mode. But, just want to know if I can do it from CLI.

Thanks.

]]> By: Brian http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/comment-page-1/#comment-201 Brian Tue, 29 Jul 2008 13:44:21 +0000 http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/#comment-201 Sorry, missed your June post with all this info.... Sorry, missed your June post with all this info….

]]> By: Brian http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/comment-page-1/#comment-200 Brian Tue, 29 Jul 2008 13:41:14 +0000 http://www.intrasection.com/pjmorr/2008/05/12/script-to-allow-esx-to-pass-a-disa-security-readiness-review/#comment-200 Just an update.... DISA now has/supports an ESX STIG and has released a checklist for it. Also, the new DISA password requirements are 14 charcters, 2 upper, 2 lower, 2 number, 2 special. This will also not apply to people running ESX 3i, as in embeded hardware installs from HP/Dell/etc. Just an update…. DISA now has/supports an ESX STIG and has released a checklist for it.

Also, the new DISA password requirements are 14 charcters, 2 upper, 2 lower, 2 number, 2 special.

This will also not apply to people running ESX 3i, as in embeded hardware installs from HP/Dell/etc.

]]>