vmware-esxi-hardening
Powershell script to apply hardening recomendation in ESXi hosts 6.5 and 6.7
Script to verify and automatic apply hardening policies.
The script verify and fix the following points.
- Local NTP servers
- Syslog.global.logDir
- SNMP Service
- MOB Disable
- TLS Protocols (only allow 1.2)
- AD Auth
- Security.AccountUnlockTime
- Security.AccountLockFailures
- UserVars.DcuiTimeOut
- Security.PasswordQualityControl
- UserVars.ESXiShellInteractiveTimeOut
- UserVars.ESXiShellTimeOut
- Mem.ShareForceSalting -> set to 2
- Acceptance Level for VIBs
- Promiscuous Mode
- dvfilter API
- Unsigned Modules
Items: 2, 14 and 17, just check if it is ok or not. Because each infrastructure has its own policy.