![]() ![]() VMware vCenter/vSphere Compliance Check (under “Policy Compliance”) Only enable the following plugins so the scan will target the VMware Policy Compliance audit. Within the Policy, all of the General Settings can remain the same, and we want to modify the Plugins enabled for our new Policy. ![]() Jumping right in, let’s create a new Nessus Policy and modify it to fit our needs. The reason we want to segregate the Policy Compliance scan (although it is not required) is that it will help teach us how to perform the compliance scan as a standalone scan, and can also help troubleshoot issues when learning the new scan type. Our goal is to create a minimal compliance scan that is based around the VMware vSphere Compliance audit, and also reduces the number of plugins required to effectively run the scan. So, taking my own experiences with the audit scripts, and merging these with the already available resources, I’d like to provide others with some straightforward answers to the questions and issues I had when first running the VMware vSphere compliance audit scans. When using these scripts, there are a few forum posts (provided by Nessus and Tenable) that provide some information, and although they can collectively provide good enough instructions on how to run the scan, they omit a few details that would have been very handy to know prior to performing these compliance checks. Recently VMware officially released the vSphere 5.1 Hardening Guide, for which Tenable have then released Nessus compliance scripts to check for the recommended configurations. ![]() Nessus has the ability to run compliance checking scripts for many different services and servers, and is a great resource for aligning a server with “best practice” server hardening guides, such as those released by the Center for Internet Security (CIS). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |