1 Reply Latest reply: Jun 5, 2013 8:09 AM by njones RSS

VMware vSphere 5.x Hardening Guide Audit




VMware vSphere 5.x Hardening Guide audit




This audit file implements most of the recommendations provided by the VMware vSphere 5.0 and 5.1 Hardening Guide. These recommendations cover a broad range of settings for individual virtual machines, ESXi hosts, vCenter Servers, and Virtual Network.


The audit file is broken down into individual sections which line up with these categories and also include both the ID references and the associated profile references.


Where applicable the Nessus checks in the audit file have been created such that local environmental values can be easily integrated. For example, VMware recommends that the ESXi shell be configured to utilize a timeout to close inactive session. The included checks allow for the user to customize this to fit the timeout values which apply to the local environment. Below is an example of the included samples to assist in this customization.

    # example expect
    # expect        : "UserVars\.ESXiShellTimeout : (300|[1-2][0-9][0-9]|[1-9][0-9]|[1-9])$"
    expect           : "UserVars\.ESXiShellTimeout : {SHELL_TIMEOUT}$"


Here is a screenshot of some sample results.


Total Checks:




See also:


The Excel spreadsheet of the VMware recommendations can be downloaded here:

- VMware vSphere 5.0 Hardening Guide

- VMware vSphere 5.1 Hardening Guide


Files included:



Tenable Support Portal - under "Tenable Configuration Audits"


Message was edited by: Nichol Jones - Support for VMware vSphere 5.1 Hardening Guide has been added to this audit file.