vSphere 5.0 Security Hardening Recommended VM Settings Configure Script


1) Create 3 text files, one for each security profile:

profile3_Low.txt

RemoteDisplay.maxConnections,2

profile2_Med.txt

RemoteDisplay.maxConnections,1
floppyX.present,FALSE
serialX.present,FALSE
parallelX.present,FALSE
usb.present,FALSE
ideX:Y.present,FALSE
isolation.tools.unity.push.update.disable,TRUE
isolation.tools.ghi.launchmenu.change,TRUE
isolation.tools.memSchedFakeSampleStats.disable,TRUE
isolation.tools.getCreds.disable,TRUE
isolation.tools.autoInstall.disable,TRUE
tools.guestlib.enableHostInfo,FALSE

profile1_High.txt

RemoteDisplay.maxConnections,1
floppyX.present,FALSE
serialX.present,FALSE
parallelX.present,FALSE
usb.present,FALSE
ideX:Y.present,FALSE
isolation.tools.unity.push.update.disable,TRUE
isolation.tools.ghi.launchmenu.change,TRUE
isolation.tools.memSchedFakeSampleStats.disable,TRUE
isolation.tools.getCreds.disable,TRUE
isolation.tools.autoInstall.disable,TRUE
tools.guestlib.enableHostInfo,FALSE
isolation.tools.ghi.autologon.disable,TRUE
isolation.bios.bbs.disable,TRUE
isolation.tools.hgfsServerSet.disable,TRUE
isolation.monitor.control.disable,TRUE

2) Create the ‘vSphere_Security_Configure.ps1’ script

#Uncomment if this SnapIn has not been added
#Add-PSSnapIn VMware.VimAutomation.Core

CLS

#Connect to vCenter first; Get-VM needs an active connection
$creds = Get-VICredentialStoreItem -File "C:\powercli\credfile.xml"
Connect-VIServer -Server $creds.Host -User $creds.User -Password $creds.Password

#Specify the VM name here
$VM = Get-VM "DEV-LINUX-01"

#Specify the security profile file
$file = Import-Csv c:\powercli\profile3_Low.txt -Header Key,Value

function Set-VMAdvancedConfiguration {
<#
.SYNOPSIS
  Sets an advanced configuration setting (VMX Setting) for a VM
  or multiple VMs
.DESCRIPTION
  The function will set a VMX setting for a VM
  or multiple VMs
.NOTES
  Source:  Automating vSphere Administration
  Authors: Luc Dekens, Arnim van Lieshout, Jonathan Medd,
           Alan Renouf, Glenn Sizemore
  Adjusted: 07 June 2012 by Alan Renouf to accept a list of options
.PARAMETER VM
  A virtual machine or multiple virtual machines
.PARAMETER Key
  The Key to use for the advanced configuration
.PARAMETER Value
  The value of the key
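.PARAMETER OptionList
  A list of objects with Key and Value properties, for example
  the rows returned by Import-Csv -Header Key,Value
.EXAMPLE
  PS> Set-VMAdvancedConfiguration -vm $VM -key log.rotatesize -value 10000
.EXAMPLE
  PS> $file = Import-Csv c:\tmp\Settings.txt -Header Key,Value
  PS> Set-VMAdvancedConfiguration -vm $VM -OptionList $file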
#>

  param(
    [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
      $vm,
      [String]$key,
      [String]$value,
      [Array]$OptionList
      )

  process{
    $vmConfigSpec = new-object VMware.Vim.VirtualMachineConfigSpec
    If ($OptionList) {
        $OptionList | Foreach {
            $Values = new-object vmware.vim.optionvalue
            $Values.key=$_.key
            $Values.value=$_.value
            $vmConfigSpec.ExtraConfig += $Values
            Write-Host "Adding $($_.Key) = $($_.Value)"
        }
    } Else {
        $vmConfigSpec.ExtraConfig += new-object VMware.Vim.OptionValue
        $vmConfigSpec.ExtraConfig[0].key = $key
        $vmConfigSpec.ExtraConfig[0].value = $value
        Write-Host "Adding $Key = $Value"
    }
    foreach ($singlevm in $vm) {
      $Task = ($singlevm.ExtensionData).ReconfigVM_Task($vmConfigSpec)
      Write "Set Advanced configuration for $($singleVM.Name)"
    }
  }
}

Set-VMAdvancedConfiguration -vm $VM -OptionList $file

3) Now let’s confirm the change has been made. Retrieve my ‘vSphere_Security_Check.ps1’ script and add the VM name (DEV-LINUX-01 in my example) after ‘Get-VM’. It should look like this:

Get-VM DEV-LINUX-01 | Get-VMAdvancedConfiguration | Where-Object {($_.Key -eq 'nvram') ` ….

4) Check the report
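
The comparison behind such a report can also be done directly against a profile file. The following is an added example, not the author's vSphere_Security_Check.ps1: the function name Compare-VMSecurityProfile and the sample data are constructed for illustration. It assumes the X and Y in keys such as floppyX.present and ideX:Y.present are device-number placeholders, so it flags those rows instead of comparing them literally.

```powershell
# Added example: audit advanced settings against a profile file (Key,Value rows).
function Compare-VMSecurityProfile {
  param(
    [Parameter(Mandatory=$true)] [Array]$OptionList,   # rows from Import-Csv -Header Key,Value
    [Parameter(Mandatory=$true)] [Array]$ExtraConfig   # objects with Key and Value properties
  )
  # Index the current settings by key (hashtable lookups are case-insensitive)
  $current = @{}
  foreach ($opt in $ExtraConfig) { $current[$opt.Key] = [string]$opt.Value }

  foreach ($row in $OptionList) {
    $actual = $null
    if ($row.Key -cmatch '^[a-z]+X(:Y)?\.') {
      # Assumption: floppyX / serialX / parallelX / ideX:Y are templates, not real keys
      $status = 'Placeholder'
    } elseif (-not $current.ContainsKey($row.Key)) {
      $status = 'Missing'
    } else {
      $actual = $current[$row.Key]
      # -eq on strings ignores case, so TRUE and true are treated as equal
      $status = if ($actual -eq $row.Value) { 'OK' } else { 'Mismatch' }
    }
    New-Object PSObject -Property @{
      Key = $row.Key; Expected = $row.Value; Actual = $actual; Status = $status
    }
  }
}

# Constructed sample data so the function runs without a vCenter connection
$sampleProfile = @"
RemoteDisplay.maxConnections,1
floppyX.present,FALSE
isolation.tools.getCreds.disable,TRUE
isolation.tools.autoInstall.disable,TRUE
"@ -split "`r?`n" | ConvertFrom-Csv -Header Key,Value

$sampleExtraConfig = @(
  New-Object PSObject -Property @{ Key = 'RemoteDisplay.maxConnections'; Value = '1' }
  New-Object PSObject -Property @{ Key = 'isolation.tools.getCreds.disable'; Value = 'false' }
)

Compare-VMSecurityProfile -OptionList $sampleProfile -ExtraConfig $sampleExtraConfig |
  Select-Object Key, Expected, Actual, Status | Format-Table -AutoSize

# Against a live VM, using the objects from the configure script:
# Compare-VMSecurityProfile -OptionList $file -ExtraConfig $VM.ExtensionData.Config.ExtraConfig
```

Rows reported as Placeholder need a concrete device number (for example a key naming one specific floppy device) before Set-VMAdvancedConfiguration can apply them meaningfully.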
