vSphere 5.0 Security Hardening Recommended VM Settings Configure Script


1) Create 3 text files, one for each security profile:

profile3_Low.txt

    RemoteDisplay.maxConnections,2

profile2_Med.txt

    RemoteDisplay.maxConnections,1
    floppyX.present,FALSE
    serialX.present,FALSE
    parallelX.present,FALSE
    usb.present,FALSE
    ideX:Y.present,FALSE
    isolation.tools.unity.push.update.disable,TRUE
    isolation.tools.ghi.launchmenu.change,TRUE
    isolation.tools.memSchedFakeSampleStats.disable,TRUE
    isolation.tools.getCreds.disable,TRUE
    isolation.tools.autoInstall.disable,TRUE
    tools.guestlib.enableHostInfo,FALSE

profile1_High.txt

    RemoteDisplay.maxConnections,1
    floppyX.present,FALSE
    serialX.present,FALSE
    parallelX.present,FALSE
    usb.present,FALSE
    ideX:Y.present,FALSE
    isolation.tools.unity.push.update.disable,TRUE
    isolation.tools.ghi.launchmenu.change,TRUE
    isolation.tools.memSchedFakeSampleStats.disable,TRUE
    isolation.tools.getCreds.disable,TRUE
    isolation.tools.autoInstall.disable,TRUE
    tools.guestlib.enableHostInfo,FALSE
    isolation.tools.ghi.autologon.disable,TRUE
    isolation.bios.bbs.disable,TRUE
    isolation.tools.hgfsServerSet.disable,TRUE
    isolation.monitor.control.disable,TRUE

2) Create the ‘vSphere_Security_Configure.ps1’ script

    #Uncomment if this SnapIn has not been added
    #Add-PSSnapIn VMware.VimAutomation.Core
    CLS

    #Specify the VM name here
    $VM = Get-VM "DEV-LINUX-01"

    #Specify the security profile file
    $file = Import-Csv c:\powercli\profile3_Low.txt -Header Key,Value

    $creds = Get-VICredentialStoreItem -file "C:\powercli\credfile.xml"
    Connect-viserver -Server …

vSphere 5.0 Clustering Basic Design Principles


1) Although HA is no longer dependent on DNS, it is still recommended to register the hosts with their FQDN.
2) Ensure syslog is correctly configured and log files are offloaded to a safe location, so that a root cause analysis can be performed in case disaster strikes.
3) In a stateless environment, ensure …

vSphere 5.0 Security Hardening Recommended VM Settings Check Script


    #Uncomment if this SnapIn has not been added
    #Add-PSSnapIn VMware.VimAutomation.Core
    CLS

    $a = "<style>"
    $a = $a + "BODY{background-color:peachpuff;}"
    $a = $a + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}"
    $a = $a + "TH{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color:thistle}"
    $a = $a + "TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;background-color:palegoldenrod}"
    $a = $a + "</style>"

    $creds = Get-VICredentialStoreItem -file "C:\powercli\credfile.xml"
    Connect-viserver -Server $creds.Host -User $creds.User -Password …

ESXi 5.0 False Alarm ‘no management network redundancy’


In vCenter, you may see the warning ‘this host currently has no management network redundancy’ on the Summary tab for a host even though you are sure redundancy is in place. This may be because the HA agent (FDM) has not updated the information in a timely fashion. To fix it, you have to manually …

Install syslog-ng on CentOS 6.3


syslog-ng is an open source syslog server that can be installed on many *nix servers. In my example, I installed it on a 64-bit CentOS 6.3 server with minimal packages.

1) Download and extract the source code.

    # Quote the URLs (they contain '?') and name the output files to match the tar commands
    wget -O eventlog-0.2.12.tar.gz "http://www.balabit.com/downloads/files?path=/syslog-ng/open-source-edition/3.4.0alpha3/source/eventlog_0.2.12.tar.gz"
    wget -O syslog-ng-3.4.0alpha3.tar.gz "http://www.balabit.com/downloads/files?path=/syslog-ng/open-source-edition/3.4.0alpha3/source/syslog-ng_3.4.0alpha3.tar.gz"
    tar xvzf eventlog-0.2.12.tar.gz
    tar xvzf syslog-ng-3.4.0alpha3.tar.gz

2) Install dependencies.

    yum -y install kernel-headers* glibc-headers-* …