vSphere Security Check Script

Published: Automation
Dear Readers, It's been long since I have written a blog. But as promised, we will collaborate here and continue to work towards making the scripts more stable and incorporate more features into it. Towards that goal I am writing this blog. When run, the script will automatically check whether security best practices are implemented in a vSphere environment or not. The best practices are checked as per the security hardening guide given in "vSphere_6_0_Hardening_Guide_GA_15_Jun_2015.xls" document released by VMware. You can get more details about the guide in https://blogs.vmware.com/vsphere/2015/06/vsphere-6-hardening-guide-ga-now-available.html.There are two parts in the script. The first part Get-Security.ps1 is the one which invokes the other functions. The second part and the most important one is SecurityFunctions.ps1. This is the main script with all the required functions which does the actual job.

The functions in SecurityFunctions.ps1 file can be divided into three main categories.

  1. The functions related to HTML report file generation
  2. Log write function which generates Logs
  3. The most important one is Get-SecurityFunction which check the environment for security implementation and calls other functions to generate the report

A portion of the sample report is provided below:

vSphere Security Check - Sample 1
This is version 1 of the script. I plan to incorporate the following improvements/enhancements in the scripts.

  • Create a front end form where users will be able to choose the ESXi hosts and VMs on which the security test will be done
  • Create separate functions for ESXi hosts check and VMs check
  • Separate HTML output generation function from Get-SecurityFunction
  • Create more proper Verbose and Debug output
  • Create more detailed logging
  • Take input from credential file instead of at the runtime

I expect inputs from you so that we can work together to make it better. The script and sample can be availed from https://github.com/sajaldebnath/vsphere-security-hardening .