
Tenable Blog


New Nessus VMware vSphere/vCenter Audits Now Available

Nessus has been able to perform compliance audits against VMware ESX for some time. However, those checks used SSH credentials to log into the VMware platform and run the audit commands, and SSH is disabled by default on newer versions of ESX/ESXi.

Tenable has now implemented new checks using the VMware SOAP API (which existing plugins already use to pull information about VMware systems). Tenable has developed audit APIs for both ESXi (the interface, available free of charge, for managing virtual machines (VMs) on an ESX/ESXi host) and vCenter (an add-on product available from VMware at additional cost for managing one or more ESX/ESXi servers). Supported versions are ESXi 4.x/5.x and vCenter 4.x/5.x.

Comprehensive Configuration and Compliance Auditing for VMware

Three new customizable compliance audit files are now available on the Tenable Support Portal. The new .audit files provide more than twice the number of checks (over 200) currently available in VMware's compliance checking tool. The audit files are:

VMware-hardening Compliance Audit

This compliance audit is based on the industry-standard resource for hardening VMware infrastructure: the hardening guides published by VMware. It produces a report showing how your configuration stacks up against those guides.

Tenable vCenter/vSphere Best Practices Configuration Audit

By interfacing with the VMware API, Nessus can go beyond the hardening guidelines provided by VMware and audit and report on additional information that is useful to VMware administrators. For example, Nessus can report whether VMware Tools is installed, the heartbeat settings on VMs, guest operating system listings, overall VM status, whether floppy/CD-ROM drives are connected, and iSCSI device status.

DISA VMware ESXi/vCenter 5 STIG Audit

This audit implements the majority of the recommendations provided by the latest draft version of the DISA VMware ESXi/vCenter 5 Security Technical Implementation Guide (STIG).

Initiating a VMware Compliance Auditing Scan

The first step is to create a new policy and enter the administrative credentials for the VMware ESX and/or vCenter server:

Figure: Nessus - Policy Preference
This is an example of vCenter credentials being added to the policy.

Next, be certain to enable Plugin ID #64455 (VMware vCenter/vSphere Compliance Checks):

Figure: Nessus - VMware Compliance Plugin Enabled
For compliance auditing, you can disable all other plugins and enable only the appropriate compliance checking plugin(s).

Next, upload one or more VMware compliance auditing files to the policy:

Figure: Nessus - Apply Audit Policies
In this example, I've added both of the new VMware compliance audit files described above.

Finally, you can save the policy, create a scan template, and launch the scan.

VMware Compliance Auditing Results

Once the scan completes, you can find the results in the "Compliance" tab:

Figure: Nessus - ESXi Results
Above is a list of warnings, plus failed and passed checks, for the ESXi target. The results come from the Tenable vCenter/vSphere Best Practices Configuration Audit and represent various settings that Nessus is now able to audit.

This example highlights some of the configuration settings detected by Tenable's best practice audit. For example, the target host has not implemented remote syslog monitoring.

Below is an example of a passed compliance check that lists the operating systems of the VMs installed on the ESXi target:

Figure: Nessus - ESXi Passed Results
If multiple ESXi or vCenter targets were audited, the results are broken down for each instance. In addition to the operating system, the running state at the time of the scan is listed. The audit check reports the IP address of the VM if VMware Tools is installed (otherwise the report lists "toolsNotInstalled", as shown above).

If a check passes, this plugin reports all the VMs that matched the policy. The .audit supplied by Tenable reports both the VM name and the IP address of the target. Note, however, that the IP address of a VM is not available unless VMware Tools is installed.
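To make the reporting behaviour described in this section concrete, here is an added example (my code, not Tenable's and not the contents of any .audit file) that evaluates three checks of the kind shown above over a constructed VM inventory: the guest OS listing that reports power state and IP (or "toolsNotInstalled"), a VMware Tools presence check, and a remote syslog check. The inventory is shaped like the vSphere API properties such a check would read (config.guestFullName, runtime.powerState, guest.toolsStatus, guest.ipAddress); the host option name Syslog.global.logHost is my assumption for the "remote syslog monitoring" setting the page mentions, and the target names and addresses are constructed.

```python
# Added example, not Tenable's code: a small evaluator reproducing the
# per-target reporting behaviour of the VMware compliance checks described
# above, run over a constructed inventory (no live vSphere connection).
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Real vSphere VirtualMachineToolsStatus value that the page quotes.
TOOLS_NOT_INSTALLED = "toolsNotInstalled"
# Assumed ESXi advanced option holding the remote syslog target.
SYSLOG_OPTION = "Syslog.global.logHost"


@dataclass
class VirtualMachine:
    name: str
    guest_os: str                     # config.guestFullName
    power_state: str                  # runtime.powerState: poweredOn/poweredOff/suspended
    tools_status: str                 # guest.toolsStatus
    ip_address: Optional[str] = None  # guest.ipAddress, only reported through VMware Tools


@dataclass
class Host:
    target: str                       # ESXi host (or vCenter) the inventory came from
    vms: List[VirtualMachine]
    advanced_options: Dict[str, str] = field(default_factory=dict)


# Constructed sample inventory: two ESXi targets audited in one scan.
SAMPLE_INVENTORY = [
    Host(
        target="esxi-01.example.test",
        vms=[
            VirtualMachine("web01", "Ubuntu Linux (64-bit)", "poweredOn", "toolsOk", "192.0.2.10"),
            VirtualMachine("db01", "Microsoft Windows Server 2008 R2 (64-bit)", "poweredOn",
                           TOOLS_NOT_INSTALLED),
            VirtualMachine("build01", "CentOS 4/5/6 (64-bit)", "poweredOff", "toolsOk"),
        ],
        advanced_options={SYSLOG_OPTION: ""},          # no remote syslog configured
    ),
    Host(
        target="esxi-02.example.test",
        vms=[VirtualMachine("jump01", "FreeBSD (64-bit)", "poweredOn", "toolsOld", "192.0.2.20")],
        advanced_options={SYSLOG_OPTION: "udp://syslog.example.test:514"},
    ),
]


def vm_address(vm: VirtualMachine) -> str:
    """IP as the audit reports it: only obtainable when VMware Tools is installed."""
    if vm.tools_status == TOOLS_NOT_INSTALLED:
        return TOOLS_NOT_INSTALLED
    # Tools present but no address yet (e.g. VM powered off): my own marker,
    # chosen so the field is never silently blank.
    return vm.ip_address or "noAddress"


def guest_os_listing(host: Host) -> dict:
    """Informational check: PASSED, listing every VM with OS, state and address."""
    return {
        "check": "VM guest operating system listing",
        "result": "PASSED",
        "vms": [{"name": vm.name, "guest_os": vm.guest_os,
                 "power_state": vm.power_state, "ip": vm_address(vm)} for vm in host.vms],
    }


def tools_installed_check(host: Host) -> dict:
    """WARNING when any VM on the target has no VMware Tools installed."""
    missing = [vm.name for vm in host.vms if vm.tools_status == TOOLS_NOT_INSTALLED]
    return {"check": "VMware Tools installed on all VMs",
            "result": "WARNING" if missing else "PASSED", "vms": missing}


def remote_syslog_check(host: Host) -> dict:
    """FAILED when the host has no remote syslog destination configured."""
    log_host = host.advanced_options.get(SYSLOG_OPTION, "").strip()
    return {"check": "Remote syslog monitoring configured",
            "result": "PASSED" if log_host else "FAILED", "value": log_host}


def audit(inventory: List[Host]) -> Dict[str, List[dict]]:
    """Run every check per target so results stay broken down per instance."""
    return {host.target: [guest_os_listing(host), tools_installed_check(host),
                          remote_syslog_check(host)] for host in inventory}


if __name__ == "__main__":
    for target, results in audit(SAMPLE_INVENTORY).items():
        print(f"== {target}")
        for r in results:
            print(f"  [{r['result']}] {r['check']}")
            for entry in r.get("vms", []):
                print(f"      {entry}")
```

Running the block prints one section per target; in the constructed data esxi-01 gets a WARNING for db01 (no Tools, so its address is reported as "toolsNotInstalled") and a FAILED remote syslog check, while esxi-02 passes all three. In a live audit these fields would be read from the vSphere API rather than from constructed objects, which is exactly the gap the new SOAP-based checks close.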

Conclusion

Hardening your systems is one of the most effective ways to keep them from being compromised. Hardening must cover not only the operating systems but also the virtualization platform they run on. Nessus now offers a comprehensive way to audit your VMware environment.

For more information on the .audit file syntax, please view the post on the Tenable Discussion Forum.
