Documente Academic
Documente Profesional
Documente Cultură
15
SEP
Remediation Steps
1. 2. 3. 4. Login to VirtualCenter or your ESX Host using the VI client Power off the VM to be changed Select the Virtual Machine that you wish to change Select edit settings
5. Then select the options tab 6. Select Advanced, General and then select the configuration parameters button. 7. Add a row if necessary and then enter in the name field: isolation.tools.diskWiper.disable 8. In the value field enter the value true 9. Add another row and enter in the name field isolation.tools.diskShrink.disable 10. Add in the value field true
Category : Virtualization Security Tips | Blog Bookmark : Digg del.icio.us Stumbleupon Redit it
y y y y y
3
JUN
y y y
Login to VirtualCenter or your ESX host using the VI Client Select the configuration tab for your ESX host Select networking from the hardware pane
y y y y y y y y y
Select the properties for the vswitch you wish to change Select Edit from the ports tab Select the security tab Change the MAC address spoofing setting to Reject
Category : Virtualization Security Tips | Blog Bookmark : Digg del.icio.us Stumbleupon Redit it
3
JUN
y y y y y y y y y
Login to the service console via ssh Edit the file /etc/modules.conf Comment out the line alias usb-controller Save the file
Category : Virtualization Security Tips | Blog Bookmark : Digg del.icio.us Stumbleupon Redit it
3
JUN
Protect the ESX Host so that the Root File System does not fill up
Make sure that each of the following directories is mounted on a separate partition: /home /var /tmp /log
Remediation 1. 2. 3. 4. 5. Log into the service console via ssh Run the command df -k this will show the current partition structure. You should have separate entries for each of the above directories. If you do not have separate directories then you will need to create new mount points for each of the directories and create new partitions on the disk. If you do not have enough disk space then you will need to make a decision on how practical it is for you to make the necessary changes in order to comply with this rule. Alternative approaches to not doing this would be to create a cronjob that monitors disk space and archives off log files and or deletes unwanted files to avoid the situation of the root partition filling up. NOTE: Altering disk partitions is a skilled job do not attempt this if you are unsure of what you are doing and always make a backup first. Datastore Partitioning, an appendix of the Installation and Upgrade Guide, covers disk partitions in more detail.
Category : Virtualization Security Tips | Blog Bookmark : Digg del.icio.us Stumbleupon Redit it
y y y y y
14
MAY
Remove Extended Stored Procedures from your Database When using MS SQL as the backend Database for your Virtual Center you should make sure that the following extended stored procedures have been removed or switched off. You should do this as procedures like xp_cmdshell allow full access to the underlying operating system. Entities: xp_available media xp_cmdshell xp_dirtree xp_dnsinfo xp_enumdsn xp_enumerrorlogs xp_enumgroups xp_eventlog xp_fixeddrives xp_getfiledetails
xp_getnetname xp_logevent xp_loginconfig xp_msver xp_readerrorlog xp_servicecontrol xp_sprintf xp_sscanf xp_subdirs Remediation: Remove Risk Level: High
Category : Virtualization Security Tips | Blog Bookmark : Digg del.icio.us Stumbleupon Redit it
y y y y y
4
APR
y y y y y
Category : Virtualization Security Tips | Blog Bookmark : Digg del.icio.us Stumbleupon Redit it
1
APR
y y y y y
19
MAR