
New Nessus VMware vSphere/vCenter Audits Now Available

Nessus has been able to perform compliance audits against VMware ESX for some time. However, those checks used SSH credentials to log in to the VMware host and run the audit commands, and SSH is disabled by default on newer versions of ESX/ESXi.

Tenable has now implemented new checks that use the VMware SOAP API, which existing plugins already use to pull information about VMware systems and which is reached over HTTPS, so it works whether or not SSH is enabled. Tenable has built audit support for both ESXi (the interface, available free of charge, for managing virtual machines (VMs) on ESX/ESXi) and vCenter (an add-on product sold by VMware for managing one or more ESX/ESXi servers). Supported versions are ESXi 4.x/5.x and vCenter 4.x/5.x.

Comprehensive Configuration and Compliance Auditing for VMware

Three new customizable compliance audit files are now available on the Tenable Support Portal. Together they provide more than 200 checks, over twice the number available in VMware's own compliance checking tool. The audit files are:

VMware-hardening Compliance Audit

This audit is built from VMware's own hardening guides, the industry-standard resource for hardening VMware infrastructure, and produces a report showing how your configuration stacks up against them.

Tenable vCenter/vSphere Best Practices Configuration Audit

By interfacing with the VMware API, Nessus can go beyond the hardening guidelines published by VMware and audit and report additional information that is useful to VMware administrators: for example, whether VMware Tools is installed, the heartbeat settings on VMs, a listing of guest operating systems, overall VM status, whether floppy/CD-ROM drives are connected, and iSCSI device status.

DISA VMware ESXi/vCenter 5 STIG Audit

This audit implements the majority of the recommendations provided by the latest draft version of the DISA VMware ESXi/vCenter 5 Security Technical Implementation Guide (STIG).

Initiating VMware Compliance Auditing Scan

The first step is to create a new policy and enter administrative credentials for the VMware ESX/ESXi host and/or the vCenter server:

Nessus - Policy Preference
This is an example of vCenter credentials being added to the policy.

Next, be certain to enable Plugin ID #64455 (VMware vCenter/vSphere Compliance Checks):

Nessus - VMware Compliance Plugin Enabled
For compliance auditing, you can disable all other plugins and only enable the appropriate compliance checking plugin(s).

Next, upload one or more VMware compliance auditing files to the policy:

Nessus - Apply Audit Policies
In this example, I've added both new VMware compliance auditing checks described above.

Finally, you can save the policy, create a scan template, and launch the scan.

VMware Compliance Auditing Results

Once the scan completes, you can find the results in the "Compliance" tab:

Nessus - ESXi Results
Above is a list of warnings, plus failed and passed checks for the ESXi target. The results come from the Tenable vCenter/vSphere Best Practices Configuration Audit and represent various settings that Nessus is now able to audit.

This result set highlights several of the configuration settings detected by Tenable's best practice audit. For example, the target host has not configured remote syslog, so its logs exist only on the host itself, where they can be lost or altered if the host is compromised.

Below is an example of a passed compliance check that lists the operating systems of the VMs installed on the ESXi target:

Nessus - ESXi Passed Results
If multiple ESXi or vCenter targets were audited, the results will be broken down for each instance. In addition to the operating system, the running state at the time of the scan is listed. The audit check reports the IP address of the VM if VMware Tools is installed (otherwise the report lists “toolsNotInstalled” as shown above).

If a check passes, the plugin reports every VM that matched the policy. The .audit files supplied by Tenable report both the VM name and the IP address of each VM; as noted, the IP address is only available when VMware Tools is installed.
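As an added example of the kind of check the SOAP-based audits perform, and to show the VMware Tools fallback behaviour described above, the Python below parses a constructed, trimmed RetrievePropertiesResponse in the shape the vSphere SOAP API (urn:vim25) returns and evaluates three settings mentioned in this post (remote syslog, VMware Tools presence, connected floppy/CD-ROM devices) plus the guest operating system listing. This is not code from the post, from Tenable's plugin, or from its .audit files; the object IDs, hostnames, IP addresses and property values are assumptions, and the status labels simply mirror the PASSED/FAILED/WARNING vocabulary of the Nessus Compliance tab.

```python
"""Evaluate vSphere configuration checks over a RetrieveProperties SOAP response.
Added example, not Tenable plugin or .audit code. SAMPLE_RESPONSE is a constructed,
trimmed RetrievePropertiesResponse in the shape the vSphere SOAP API (urn:vim25)
returns; IDs, names, addresses and values are made up. A live run would POST the
same request to https://<esxi-or-vcenter>/sdk after a Login call."""
import xml.etree.ElementTree as ET

VIM = "{urn:vim25}"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

SAMPLE_RESPONSE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns="urn:vim25"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soapenv:Body><RetrievePropertiesResponse>
<returnval><obj type="HostSystem">host-10</obj><propSet><name>name</name><val xsi:type="xsd:string">esxi01.example.test</val></propSet>
<propSet><name>config.option</name><val xsi:type="ArrayOfOptionValue">
<OptionValue><key>Syslog.global.logHost</key><value xsi:type="xsd:string"></value></OptionValue></val></propSet></returnval>
<returnval><obj type="VirtualMachine">vm-42</obj><propSet><name>name</name><val xsi:type="xsd:string">web01</val></propSet>
<propSet><name>runtime.powerState</name><val xsi:type="VirtualMachinePowerState">poweredOn</val></propSet>
<propSet><name>guest.guestFullName</name><val xsi:type="xsd:string">Ubuntu Linux (64-bit)</val></propSet>
<propSet><name>guest.toolsStatus</name><val xsi:type="VirtualMachineToolsStatus">toolsNotInstalled</val></propSet>
<propSet><name>config.hardware.device</name><val xsi:type="ArrayOfVirtualDevice">
<VirtualDevice xsi:type="VirtualFloppy"><key>8000</key><deviceInfo><label>Floppy drive 1</label></deviceInfo>
<connectable><connected>true</connected></connectable></VirtualDevice>
<VirtualDevice xsi:type="VirtualCdrom"><key>3000</key><deviceInfo><label>CD/DVD drive 1</label></deviceInfo>
<connectable><connected>false</connected></connectable></VirtualDevice></val></propSet></returnval>
<returnval><obj type="VirtualMachine">vm-43</obj><propSet><name>name</name><val xsi:type="xsd:string">db01</val></propSet>
<propSet><name>runtime.powerState</name><val xsi:type="VirtualMachinePowerState">poweredOff</val></propSet>
<propSet><name>guest.guestFullName</name><val xsi:type="xsd:string">Windows Server 2008 R2 (64-bit)</val></propSet>
<propSet><name>guest.toolsStatus</name><val xsi:type="VirtualMachineToolsStatus">toolsOk</val></propSet>
<propSet><name>guest.ipAddress</name><val xsi:type="xsd:string">10.0.0.23</val></propSet></returnval>
</RetrievePropertiesResponse></soapenv:Body></soapenv:Envelope>"""


def parse_objects(xml_text):
    """Map each managed object reference to its type and {property name: <val> element}."""
    objects = {}
    for rv in ET.fromstring(xml_text).iter(VIM + "returnval"):
        obj = rv.find(VIM + "obj")
        props = {ps.findtext(VIM + "name"): ps.find(VIM + "val") for ps in rv.findall(VIM + "propSet")}
        objects[obj.text] = {"type": obj.get("type"), "props": props}
    return objects


def check_remote_syslog(host):
    """FAILED when Syslog.global.logHost is unset: logs then live only on the host itself."""
    log_host = ""
    options = host["props"].get("config.option")
    for opt in ([] if options is None else options.findall(VIM + "OptionValue")):
        if opt.findtext(VIM + "key") == "Syslog.global.logHost":
            log_host = (opt.findtext(VIM + "value") or "").strip()
    return ("PASSED" if log_host else "FAILED", log_host or "<not set>")


def check_vmware_tools(vm):
    """WARNING when Tools is absent; detail is the guest IP, or the tools status when no IP is reported."""
    status = vm["props"]["guest.toolsStatus"].text
    ip = vm["props"].get("guest.ipAddress")
    return ("WARNING" if status == "toolsNotInstalled" else "PASSED", ip.text if ip is not None else status)


def check_removable_media(vm):
    """FAILED when a floppy or CD/DVD device is connected (VMware's guides say to disconnect unneeded devices)."""
    connected = []
    devices = vm["props"].get("config.hardware.device")
    for dev in ([] if devices is None else devices.findall(VIM + "VirtualDevice")):
        if dev.get(XSI_TYPE) in ("VirtualFloppy", "VirtualCdrom") \
                and dev.findtext(VIM + "connectable/" + VIM + "connected") == "true":
            connected.append(dev.findtext(VIM + "deviceInfo/" + VIM + "label"))
    return ("FAILED" if connected else "PASSED", connected)


def vm_inventory(objects):
    """Rows for the guest OS listing: (name, guest OS, power state, IP or tools status)."""
    rows = []
    for o in objects.values():
        if o["type"] == "VirtualMachine":
            p, ip = o["props"], o["props"].get("guest.ipAddress")
            rows.append((p["name"].text, p["guest.guestFullName"].text, p["runtime.powerState"].text,
                         ip.text if ip is not None else p["guest.toolsStatus"].text))
    return rows


def run_audit(xml_text=SAMPLE_RESPONSE):
    """Run every applicable check against every object; returns {check title: (status, detail)}."""
    results = {}
    for o in parse_objects(xml_text).values():
        name = o["props"]["name"].text
        if o["type"] == "HostSystem":
            results[name + ": remote syslog configured"] = check_remote_syslog(o)
        elif o["type"] == "VirtualMachine":
            results[name + ": VMware Tools installed"] = check_vmware_tools(o)
            results[name + ": floppy/CD-ROM disconnected"] = check_removable_media(o)
    return results


if __name__ == "__main__":
    for title, (status, detail) in run_audit().items():
        print("[%-7s] %s -> %s" % (status, title, detail))
    for row in vm_inventory(parse_objects(SAMPLE_RESPONSE)):
        print("VM: %s | %s | %s | %s" % row)
```

Run stand-alone it prints one line per check and one per VM; in the constructed data the host fails the syslog check, web01 is flagged for missing Tools (so its "IP" column shows toolsNotInstalled, as in the screenshot above) and a connected floppy, and db01 passes with its Tools-reported address.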

Conclusion

Hardening is one of the most effective ways to keep systems from being compromised, and it must cover not only the guest operating systems but also the virtualization platform they run on. Nessus now offers a comprehensive way to audit your VMware environment.

For more information on the .audit file syntax, please view the post on the Tenable Discussion Forum.

