June 5, 2008 - Matthijs Haverink

Tripwire & VMWare release ConfigCheck for VMware ESX Hosts

Yesterday Tripwire released their free utility call TripWire ConfigCheck.

Together with VMWare Tripwire has developed this tool which helps to rapidly assess the security of your VMWare ESX 3.5 servers. Among other things the joint effort consists of VMWare delivering the VMWare Infrastructure 3 Security Hardening guidelines. This tool also provides the necessary steps that are needed for full remediation.

A couple of configuration parameters that are being checked are:

– Virtual network labeling
– Port Group settings
– Network isolation for VMotion and iSCSI
– NIC Mode settings / Layer 2 Security settings
– VMWare ESX Service Console security settings
– SAN resource masking and zoning

The website states that the system requirements are Windows Server 2003 + JRE 1.5 so that’s the official supported platform by TripWire. But as you can see in Gavin’s post below: Windows XP, Linux and even OS-X should work without a problem. Great work Gavin!

You can download the tool here.

Edit [10-6-2008 Matthijs] : Gavin Millard from TripWire yesterday published a “How To” concerning ConfigCheck : http://www.tripwire.org/blog/?p=38 . Kind-a-handy since there’s no official manual :).

Virtualization news ConfigCheck / ESX / Security / Tripwire / VMware /

Comments

  • Sorry to correct you but ConfigCheck also runs on XP and Linux without any issues. I’ve been running it on my XP desktop since release and it works like a charm.

    Let us know how you and your readers get on with our new little tool.

  • Hello Gavin,

    I stand corrected and thank you for this correction !

    I do have to say that I got this information from your download site :

    http://www.tripwire.com/configcheck/configcheckdownload.cfm

    There it literally states : “System Requirements: Windows 2003 with JRE version 1.5 or later.”

    So if XP and Linux are officially supported you might like to add that to the System Requirements statement there, because you fooled me :).

  • Now it’s my turn to stand corrected. Looks like we’ve removed Linux and XP from the supported platforms for some reason. When the ConfigCheck website was first released it had them listed. I’ve used it on my XP, 2003, Linux and OS X machines without any issues due to it running in Java but we may have made a decision to make it easier to support by limiting the platform. I shall don my deerstalker and investigate sir.

  • OK so I checked with the release team. They decided to only test and release it on Windows. Sorry bout the mix up 🙂

  • Hey Gavin, thanks for the update!

    Just to be clear with Windows; do you mean only Windows Server 2003 or also XP/Vista etc ;)?