Tripwire ConfigCheck Now Assesses VMware ESX 3.0
When Tripwire released ConfigCheck for ESX 3.5 back in June, the product was an instant success and downloaded by tens of thousands of VMware administrators. The free security hardening tool, jointly developed by VMware and Tripwire, could not be used on ESX 3.0 versions, however. On July 21 Tripwire announced the availability of Tripwire ConfigCheck for ESX 3.0 thus now allowing the same security assessment capabilities for the still widely deployed previous version of ESX.
I received a courtesy email about the new version from Kim Blogren of Tripwire’s Public Relations. In the email Kim explained the following about the reason for releasing the new version:
“I thought you might be interested to hear that Tripwire has released ConfigCheck for ESX 3.0 to complement our coverage of ESX 3.5. One of the most frequent requests we had concerning Tripwire ConfigCheck was the ability to monitor 3.0. Wanting to make sure that ESX 3.0 admins had the same capabilities to ensure secure configuration of the Hypervisor against the VMware Hardening Guidelines, we added 3.0.x support. In addition, we updated the supporting remediation advice for 3.0 detailing all the steps, if different from ESX 3.5, to get the configurations up to a known and trusted state.”
Additional info about ConfigCheck for ESX 3.0 and ESX 3.5 can be found in the official release announcement on Tripwire’s web site.
“Tripwire, a leader in configuration assessment and change auditing for virtual environments, today announced the availability of Tripwire ConfigCheck™ for VMware ESX 3.0. Tripwire ConfigCheck is a free utility that quickly assesses configuration settings for VMware ESX 3.0 and 3.5 hypervisors, determines potential configuration risks, and provides prescriptive remediation advice so that administrators can ensure greater security.
Tripwire ConfigCheck provides an immediate assessment of the configurations of a VMware ESX hypervisor, comparing them against VMware hardening security guidelines, which are best practice recommendations for optimal security in virtual environments, and provides remediation instructions if any are needed. With Tripwire ConfigCheck, customers gain immediate visibility into risks that might exist in their virtual environment due to misconfiguration and are advised of recommended fixes to any configuration settings that could present future risk.”
Tripwire ConfigCheck and the Tripwire Remediation Guide (in .pdf format) can be downloaded at www.tripwire.com/configcheck. Remediation instructions are offered for each test when using the ConfigCheck tool, but the guide is intended to be a collection of all instructions in a single reference.
