Friday, January 16, 2009

Damm that STiG looks ESXy!

Where I work we are currently in the process of virtualizing two of our datacenters. Basically we're going to stand up our ESX hosts, and then P2V all of our production systems onto the new ESX hosts. Sounds simple (and actually it kind of is), but the tricky part is that we first have to lock down ESX according to the DISA STIGs, since our network is an accredited secure network. DISA provides you with a checklist of all the lockdown steps they require (which is great reading if you need a good nap, but if you're not inclined to do so I'll just tell you that they're quite extensive).

DISA usually provides you with a way to automate most of their lockdown procedures, but when it comes to ESX.....no such luck. However, I am not alone in this conquest, and in fact there is a posting in the VMware Communities forums which discusses this topic. If you look at the posting you'll see a kind man by the name of Phillip Morrison has modified the DISA Security Readiness Review Evaluation Script for Unix wherever it is appropriate for ESX (click here for more info). I want to give huge props to Phil and his colleague for putting their hard work into the shell script, as it really simplified much of this process. I basically followed his blog posting from here, although I also saw another posting of his where he mentioned that the ESX host has to be in maintenance mode before performing the secure lockdown (see here).

Wednesday, January 14, 2009

IntenseDebate added

I just installed IntenseDebate on this blog and intend on creating more posts this year than I did last year (which shouldn't be too hard). I am currently working on a project where I am trying to automate an ESX deployment in which all of the ESX hosts are locked down according to the DISA STIG, but more on that later.