VMware has released a document titled: Hardened Virtual Appliance Operations Guide. The paper, which contains 16 pages, is a guide targeted towards securing the appliace base platform to meet high governance requirements. In 2013, VMware started to standardize the security profile of its virtual appliaces to meet governance compliance requirements according to the Security Technical Information Guides (STIG).
The paper contains the following sections:
- Root password
- Password Expiry
- Dodscript.sh Script
- Secure Shell, Administrative Accounts, and Console Access
- Time Sourcing and Synchronization
- Log Forwarding – Syslog -ng and Auditd
Boot Loader (Grub) Password
NFS and NIS
The purpose of this hardened virtual appliance operations guide is to address the remaining technical requirements that are site-specific decisions required to meet the STIG. This document is intended for advanced level administrators, and should be read before deploying hardened virtual appliances in a production environment.