It’s finally released: the vSphere 5.0 hardening guide, even though it’s a draft version (the final version is expected somewhere around May). With the new release, the document changed into a spreadsheet with easy sorting and filtering options. This is, in my opinion, a great improvement!

The document is available on the VMware Communities.

This is the public draft of the vSphere 5.0 Security Hardening Guide. It is being posted to this Community in order to provide early access to interested parties, and to gather feedback. The final version will be made available approximately in the middle of May.

This is a small post which explains how you can secure vCenter Mobile Access (vCMA). For people who don’t know what vCenter Mobile Access is, I suggest you check out the Flings page. People who use the iPad vSphere Client will probably have this Fling running in their environment or lab.

The Fling itself is a CentOS install which has a few ports open to the outside by default. The following commands install Fail2ban, which gives you the ability to protect these ports against login failures, flooding,… (by default, only SSH is protected).

vcma:~# yum install iptables
vcma:~# wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
vcma:~# rpm -Uvh epel-release-5-4.noarch.rpm 
vcma:~# yum install fail2ban

Finally, start the service and check that its chain is listed in the iptables output.

vcma:~# /etc/init.d/fail2ban start
Starting fail2ban:                                         [  OK  ]
vcma:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-SSH (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere        

That’s it!
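Since only SSH is covered by default, it helps to check which ports are actually routed through a fail2ban chain after any change. The script below is an added example, not part of the original post: the function names are my own, and the embedded listing is the `iptables -L` output shown above.

```shell
#!/bin/sh
# Added example: summarise fail2ban coverage from `iptables -L` output.

# Print "<chain> <port>" for each INPUT rule that jumps to a fail2ban-* chain.
# Reads `iptables -L` or `iptables -L -n` output on stdin.
f2b_guarded_ports() {
    awk '
        /^Chain / { chain = $2; next }
        chain == "INPUT" && $1 ~ /^fail2ban-/ {
            ports = ""
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^dpt:/)        ports = substr($i, 5)   # single port
                else if ($i == "dports") ports = $(i + 1)        # multiport list
            }
            if (ports == "") ports = "all"
            n = split(ports, p, ",")
            for (j = 1; j <= n; j++) print $1, p[j]
        }
    '
}

# Print fail2ban chains that exist but are not hooked into any other chain,
# which means the jail would never see traffic.
f2b_unreferenced_chains() {
    awk '/^Chain fail2ban-/ && /\(0 references\)/ { print $2 }'
}

# The listing from the post, embedded so the example runs offline.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain fail2ban-SSH (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
EOF
}

echo "Ports routed through a fail2ban chain:"
sample_listing | f2b_guarded_ports
echo "fail2ban chains not referenced by any rule:"
sample_listing | f2b_unreferenced_chains
```

On the appliance itself, pipe the live output into the functions instead of the sample, for example `iptables -L -n | f2b_guarded_ports`, and compare the result with the ports the host is listening on.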