## ⛳Goal The goal of this project is to harden my current vSphere environment according to vSphere best practices. VMware already provides a public repository for general hardening that can be extended to account for parameters that are specified in different standards, e.g. CIS. ## ✅ToDos - [x] Run ESXi report ✅ 2025-03-05 - [x] Run vCenter report ✅ 2025-03-05 - [x] Run VM report ✅ 2025-03-05 - [x] Evaluate which settings are possible to implement ✅ 2025-03-05 - [x] Make possible settings compliant ✅ 2025-03-05 ## 📖Documentation ### Report To generate the report for vSphere 8.0 you need to connect to a vCenter/ESXi instance to run the report on and provide a path for the report output. You may also need to navigate inside the script folder, as it uses relative paths to the script dependencies. ```powershell #Connect to vCenter connect-viserver "vcenter.lab.sponar.de" ``` ```powershell # Navigate into audit folder and run script cd /path/to/repository/security-configuration-hardening-guide/vsphere/8.0/Tools/ # Run script with output folder parameter ./audit-all.ps1 -OutputDirName /path/to/reportfolder/ ``` The audit script generates text files for all components (ESXi, vCenter, VMs): ![[_media/vSphere hardening2025-01-13.png]] Inside each of those text files all checks and current compliance status are shown. ![[_media/vSphere hardening2025-01-13-1.png]] ## 🔗Resources ### VMware VCF Hardening Guide - https://github.com/vmware/vcf-security-and-compliance-guidelines ### ESXi Ransomware Incident Response Keynote - https://www.youtube.com/watch?v=Z7pmI73Rhxw