Wednesday, April 4, 2012

ESX Console OS (COS) security hardening guide

  • Console network protection
  1. Ensure the ESX firewall is set to the High security level (the default).
  2. Limit network access to applications and services.
  3. Don't run NFS clients or NIS clients in the service console.
  4. Don't apply Red Hat patches to the service console.
  5. Don't rely on Red Hat patch tools.
  6. Don't manage the service console as a Red Hat host.
  7. Limit the use of the service console.
  8. Use a directory service for authentication.
  9. Enforce password complexity.
  10. Enforce password history.
  11. Enforce password aging.
  12. Enforce a minimum password age (minimum days between changes).
  13. vCenter changes the vpxuser password automatically every 30 days, which should be shorter than the password aging period on the COS.
  • Console logging
  1. Configure syslog logging.
  2. Configure NTP time synchronization.
  • Console hardening
  1. Prevent the root file system from filling up.
  2. Maintain file system integrity.
  3. Check permissions on important files and utility commands.
  4. Prevent tampering at boot time: set a grub password.
  5. Require authentication for single-user mode.
  6. Disable SSH login for the root account.
  7. Disable direct console root login; use sudo or su instead.
  8. Limit access to the su command.
  9. Configure and use sudo to control administrative access.
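As an added example (not part of the original post), here is a small POSIX shell audit that checks four of the console-hardening items above: password aging, root SSH login, a grub password, and single-user-mode authentication. The file names and formats are assumptions modelled on a RHEL-style COS, and it runs against constructed sample files rather than a live host.

```shell
#!/bin/sh
# Added example: audit four service-console hardening items (password aging,
# root SSH login, grub password, single-user auth). File names/formats are
# assumptions; constructed sample files stand in for /etc and /boot.

# 0 if PASS_MAX_DAYS in a login.defs file is set and at or below the limit.
check_password_aging() {
    _days=$(awk '$1=="PASS_MAX_DAYS"{v=$2} END{print v}' "$1")
    [ -n "$_days" ] && [ "$_days" -le "$2" ]
}
# 0 if sshd_config has an active (uncommented) "PermitRootLogin no".
check_root_ssh_disabled() {
    grep -Eq '^[[:space:]]*PermitRootLogin[[:space:]]+no' "$1"
}
# 0 if grub.conf carries a hashed boot-loader password line.
check_grub_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]+--md5[[:space:]]+[^[:space:]]+' "$1"
}
# 0 if inittab runs sulogin for runlevel S (single-user mode needs a password).
check_single_user_auth() {
    grep -Eq '^[^#]*:S:wait:/sbin/sulogin' "$1"
}

# Create constructed sample files: one compliant set (.good) and one weak (.weak).
make_sample() {
    _d=$(mktemp -d)
    printf 'PASS_MAX_DAYS 90\nPASS_MIN_DAYS 7\n' > "$_d/login.defs.good"
    printf 'PASS_MAX_DAYS 99999\n' > "$_d/login.defs.weak"
    printf 'Protocol 2\nPermitRootLogin no\n' > "$_d/sshd_config.good"
    printf 'Protocol 2\n#PermitRootLogin no\n' > "$_d/sshd_config.weak"
    printf 'default=0\npassword --md5 $1$PLACEHOLDER$notarealhash\n' > "$_d/grub.conf.good"
    printf 'default=0\n' > "$_d/grub.conf.weak"
    printf 'id:3:initdefault:\n~~:S:wait:/sbin/sulogin\n' > "$_d/inittab.good"
    printf 'id:3:initdefault:\n' > "$_d/inittab.weak"
    echo "$_d"
}

# Run every check against one variant ("good" or "weak") and print PASS/FAIL.
audit() {
    for _c in "check_password_aging $1/login.defs.$2 90" \
              "check_root_ssh_disabled $1/sshd_config.$2" \
              "check_grub_password $1/grub.conf.$2" \
              "check_single_user_auth $1/inittab.$2"; do
        if $_c; then echo "PASS $_c"; else echo "FAIL $_c"; fi
    done
}

SAMPLE=$(make_sample)
audit "$SAMPLE" good; audit "$SAMPLE" weak
rm -rf "$SAMPLE"
```

To audit a real console, point the check functions at /etc/login.defs, /etc/ssh/sshd_config, /boot/grub/grub.conf and /etc/inittab instead of the sample tree.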
