vmware hardened appliance operations guide

Upload: rock

Post on 19-Feb-2018


  • 7/23/2019 VMWare Hardened Appliance Operations Guide

    1/16

    Hardened Virtual Appliance Operations Guide

    Securing the Appliance Base Platform to Meet High Governance Requirements

    VMware White Paper


    VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com

    Copyright 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents

    VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

    Table of Contents

    Introduction
    Purpose
    Root password
    Password Expiry
    Dodscript.sh Script
    Secure Shell, Administrative Accounts, and Console Access
    Time Sourcing and Synchronization
    Log Forwarding Syslog-ng and Auditd
    Boot Loader (Grub) Password
    NFS and NIS


    Introduction

    The virtual appliance method of deployment for VMware datacenter products provides customers with the ability to rapidly deploy and configure infrastructure components. One of the original challenges with the virtual appliance model was the lack of a standardized security policy across the released product landscape. In 2013, a development effort was launched to standardize the security profile of VMware produced virtual appliances to a technical standard that would meet or exceed current high-governance compliance requirements found in various vertical marACAP)

    Director of Central Intelligence Directive (DCID) 6/3 for US Intelligence Agencies

    FedRAMP

    HIPAA

    PCI-DSS

    The two most common references for implementing technical security requirements are the NIST 800.53 and the US Department of Defense Information Systems Agency (DISA) Security Technical Information Guides (STIG). The latest iteration of the STIG, called the Security Requirements Guide (SRG), is an effort by DISA to merge both the NIST 800.53 and the STIG guidance into a single security guide that cross-references both sets of technical requirements. In 2013 VMware commenced the process of the production of the VMware Virtual Appliance OS SRG STIG, to provide customers with the guidance necessary to meet or exceed any high-governance compliance requirement.

    In parallel, VMware began an effort to standardize the delivery of the virtual appliance platform by embedding the technical requirements of the STIG in the design. The end result in 2013 is the release of 14 hardened virtual appliances across 9 products that close 91-95% of the identified platform vulnerabilities in code:

    vCenter Server Virtual Appliance 5.5 (VCVA)

    vCenter Orchestrator 5.5 (vCOva)

    vCenter Operations Manager 5.7.1 (vCOPs)

    vCenter Infrastructure Navigator 2.0 (VIN)

    vCloud Automation Center Virtual Appliance 6.0 (vCACva)

    vCenter Management Assistant (vMA)

    VMware Log Insight 1.0

    Horizon or


    vCloud Connector 2.5.1 (vCC)

    Purpose

    The purpose of the hardened virtual appliance operations guide is to address the remaining technical requirements that are site-specific decisions required to meet the STIG. This document is intended for advanced level administrators, and should be read before deploying hardened virtual appliances in a production environment.

    Root password

    Most hardened appliances will either allow the modification of the root password during initial setup, or will be pre-installed with the root password set to ‘vmware’. It is highly recommended to change the root password for both password complexity and the cryptographic hashing to meet STIG compliance.

    NOTE: In some cases li) user interface. vCOPs also provides the ability to modify the root password through a customer admin interface. If deploying one of these appliances, please consult the admin/user guide for the specific product on how to modify the root password.

    To change the root password at the command line, use the command ‘passwd’ at the root shell of the appliance.

    NOTE: the root user bypasses the pam_cract is imperative to manually ensure that the root password meets the corporate password complexity requirements of your organization.

    To check the hash of the root password, as root:


    # more /etc/shadow

    The password field is the second field of the shadow file. If account passwords start with “$6$”, then the password is using a sha512 hash. This is the standard hash for all hardened appliances. If the root password does not contain a sha512 hash, run the ‘passwd’ command to change it.

    NOTE: All hardened appliances enable “enforce_for_root” for the pw_history module (found in /etc/pam.d/common-password), so the last five passwords will be remembered by default. Old passwords are stored for each user in the /etc/security/opasswd file. To re-use the same password, delete the entry for the root user in the file. Re-using the same password is not recommended once the system is in production.

    Password Expiry

    To meet the compliance standard of the STIG, user accounts should be set to 60 days, and service accounts can be set to 365 days. All hardened appliances are set to create accounts with a 60 day password expiry by default. On most hardened appliances, the root account is set to a 365 day password expiry. It is highly recommended to check the expiry on all accounts to meet both security and operation requirements standards.
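    The hash check from the Root password section and the expiry check above can be run in one pass over shadow-format lines. The script below is an added example, not part of the VMware guide; the function names and sample lines are constructed, and which accounts count as service accounts (here root and a made-up svcbackup) is an assumption supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the guide): audit shadow(5)-format entries read on stdin.
# The "$6$" prefix and the 60/365-day limits are the values the guide states.
# On an appliance the input would be: audit_shadow 60 365 root < /etc/shadow

# audit_shadow USER_MAX SERVICE_MAX "svc1 svc2 ..."
# Prints one finding per line and returns 1 if anything was found.
audit_shadow() {
    awk -F: -v umax="$1" -v smax="$2" -v svc=" $3 " '
        # "*", "!" or empty in field 2: no password hash to check on this account.
        $2 == "" || $2 ~ /^[!*]/ { next }
        {
            limit = ((index(svc, " " $1 " ") > 0) ? smax : umax) + 0
            if (substr($2, 1, 3) != "$6$") {
                print $1 ": password hash is not sha512"
                bad = 1
            }
            # Field 5 is the maximum password age in days; empty means no expiry.
            if ($5 == "" || $5 + 0 > limit) {
                print $1 ": max age " ($5 == "" ? "unset" : $5) " exceeds " limit " days"
                bad = 1
            }
        }
        END { exit (bad + 0) }
    '
}

# Constructed sample entries (hash bodies are placeholders, not real hashes).
sample_shadow() {
    cat <<'EOF'
root:$6$cnstrctdsalt$AAAA:17000:0:365:7:::
admin1:$6$cnstrctdsalt$BBBB:17000:0:60:7:::
legacy:$1$oldsalt$CCCC:17000:0:60:7:::
svcbackup:$6$cnstrctdsalt$DDDD:17000:0:99999:7:::
daemon:*:17000::::::
EOF
}

sample_shadow | audit_shadow 60 365 "root svcbackup"
```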

    NOTE: As part of an organization’s compliance policies, a procedure should be implemented to ensure that administrators do not forget to change their passwords within the active period. If the root account expires, there will be no method in the appliance to re-instate the root password. It is imperative that site-specific policies are implemented to prevent administrative and root passwords from expiration.


    Modifies the default banner for the appliance welcome screen and SSH to the Department of Defense approved banner (/opt/vmware/etc/isv/welcometextDoD (or welcomtext.template on vCVA) for the console banner and /etc/issue.DoD for the SSH banner).

    To enable this configuration, as root, run the following commands:

    # cd /etc

    # ./dodscript.sh

    NOTE: The banner files can be modified to support non-DoD customer banners. Either edit the above files listed for the console and SSH banners, or create a separate file and use a symbolic link to activate the banner with the following commands (in this example, the new files are welcometext.CUSTOM and issue.CUSTOM):

    # rm /opt/vmware/etc/isv/welcometext

    # ln -s /opt/vmware/etc/isv/welcometext.CUSTOM /opt/vmware/etc/isv/welcometext

    # rm /etc/issue

    # ln -s /etc/issue.CUSTOM /etc/issue

    For vCVA, replace the /opt/vmware/etc/isv/welcometext.template with the preferred console banner text.


    Secure Shell, Administrative Accounts, and Console Access

    For remote connections, all hardened appliances include the Secure Shell (SSH). Because many appliances do not include default user accounts, the root account may still be able to directly login via SSH. To meet the compliance standards for non-repudiation, the SSH server on all hardened appliances comes preconfigured with the “AllowGroups wheel” entry to restrict ssh access to the secondary group wheel.

    NOTE: For separation of duties, the “AllowGroups wheel” entry can be modified in /etc/ssh/sshd_config to use another group (such as sshd). The wheel group is enabled with the pam_wheel module for su access, so members of the wheel group are allowed to su - to root (password for root is required). Group separation provides a method for users to ssh to the appliance, but not have the ability to su to root. Do not remove or modify other entries in the AllowGroups field to ensure proper appliance functionality. Any change will require a restart of the ssh daemon (# service sshd restart).

    Prior to removing root SSH access, create local administrative accounts that can both use ssh and/or are members of the secondary wheel group. To create a local account on the appliance, run the following command as root:

    # useradd -g users -G wheel -d /home/username -m -s /bin/bash username

    (Substitute “wheel” for the group specified in AllowGroups for ssh access. To add multiple secondary groups, use -G wheel,sshd)

    # passwd username

    Switch to the user to provide a new password so that password complexity checf the password complexity is met, the change of the password will complete successfully. If the password complexity is not met, it will revert back to the original password, so re-run the command to set a compliant password for the user.

    Once login accounts are created to allow SSH remote access and wheel access (su - root), the root account can be removed from both SSH direct login direct login.


    NOTE: Do not modify the PermitRootLogin setting on vCOPs appliance vApp.

    Prior to disabling direct root access, thoroughly test to ensure that authorized administrators can access ssh (via AllowGroups) and can su to root (via wheel group).

    To remove direct root login to ssh, modify the /etc/ssh/sshd_config file with the vi editor, and replace the entry:

    (#)PermitRootLogin yes

    with:

    PermitRootLogin no

    Restart the sshd service:

    # service sshd restart
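    Before PermitRootLogin is switched to no, the requirement that some non-root account can both log in over ssh (AllowGroups) and su to root (wheel) can be pre-checked from the configuration files. The script below is an added example, not part of the VMware guide; the function names and both sample files are constructed, it only looks at supplementary group members (field 4 of the group file), and it assumes AllowGroups lists literal group names rather than patterns. It does not replace the login test the guide asks for.

```shell
#!/bin/sh
# Added example (not from the guide): static pre-check before disabling root ssh login.

# sshd_value KEYWORD CONFIG_FILE: print the configured value. Keywords are
# case-insensitive, comment lines are ignored and the first occurrence wins.
sshd_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$2"
}

# group_members GROUP GROUP_FILE: supplementary members, one per line.
group_members() {
    awk -F: -v g="$1" '$1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$2"
}

# ssh_su_admins CONFIG_FILE GROUP_FILE: accounts other than root that are in an
# AllowGroups group (ssh access) and also in wheel (su to root).
ssh_su_admins() {
    allowed=$(sshd_value AllowGroups "$1")
    [ -n "$allowed" ] || return 0
    for grp in $allowed; do group_members "$grp" "$2"; done | sort -u |
    while read -r user; do
        if [ "$user" != root ] && group_members wheel "$2" | grep -qxF "$user"; then
            echo "$user"
        fi
    done
    return 0
}

# Succeeds only if at least one such account exists.
safe_to_disable_root_login() {
    [ -n "$(ssh_su_admins "$1" "$2")" ]
}

# Constructed sample files: alice can ssh and su, bob can only ssh (group separation).
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/sshd_config" <<'EOF'
#PermitRootLogin yes
AllowGroups wheel sshd
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:
wheel:x:10:root,alice
sshd:x:65:bob
users:x:100:alice,bob,carol
EOF
    echo "$dir"
}

d=$(make_samples)
ssh_su_admins "$d/sshd_config" "$d/group"
rm -rf "$d"
```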

    SSH access should also be restricted with the proper entries to limit access. All VMware virtual appliances include the tcp_wrappers pac


    Time Sourcing and Synchronization

    All hardened appliances include at least two mechanisms for time synchronization: vmtools and the ntp service. It is recommended that virtual appliances use ntp to synchronize for time sensitive environments.

    NOTE: The hardened vCenter Server Appliance allows time to be configured with the VAMI user interface. Please refer to the vCenter Server Appliance administration guide on how to configure time services.

    vmtools: Time sourcing with vmtools uses the time of the ESXi host for synchronization. To verify vmtools time synchronization, log into the vCenter server web client (https://ip_of_vcenter_server:9443). Under vCenter, navigate to the virtual machine, right click the targeted VM, and select “Edit Settings…”


    Select the “VM Options” tab, then click on the “VMware Tools” drop down menu to expose the “Time” field. If the “Synchronize guest time with host” box is chec


    For example:

    server time.nist.gov burst iburst

    Add the number of local and centralized time sources as required for the compliance standard of the organization. For trusted time sourcing, the “

    To enable forwarding of system logs, modify the configuration file of the syslog server to specify the protocol, ip address, and port of the central log server. The syslog configuration file is located in /etc/syslog-ng/syslog-ng.conf. Using the vi editor as root, find the following two lines:

    #destination logserver { udp("10.10.10.10" port(514)); };

    #log { source(src); destination(logserver); };

    Uncomment the two lines, and modify the fields. In this example, using tcp as the transport, 10.10.10.10 as the IP of the central syslog server, and port 514 as the syslog central server port, the entry would be:

    destination logserver { tcp("10.10.10.10" port(514)); };

    log { source(src); destination(logserver); };

    Restart the service as root to incorporate the change:

    # service syslog restart

    NOTE: Ensure that the firewall allows access to the port specified for the syslog destination log server.

    For auditd forwarding, the vCenter Virtual Appliance includes the audisp-remote pacf separation of the two logging services is preferred, the audit daemon remote configuration file is located in /etc/audisp/audisp-remote.conf to provide the necessary configuration settings to forward audit logs to a centralized audit server. Using the vi editor as root, edit the following entries:

    remote_server = ip_of_remote_audit_server

    port = port of auditd central service

    transport = protocol for transferring audit logs

    In this example, using tcp as the transport, 10.10.10.10 as the IP of the auditd central server, and port 60, the entries would be:

    remote_server = 10.10.10.10

    port = 60

    transport = tcp

    Restart the service as root to incorporate the change:

    # service auditd restart


    NOTE: Ensure that the firewall allows access to the port specified for the auditd destination log server.

    For all other hardened appliances, the syslog remote plugin is provided to forward all audit logs to the syslog-ng service. The configuration file is located in /etc/audisp/plugins.d/syslog.conf. Using the vi editor as root, edit the entry:

    active = no

    to:

    active=yes

    This will forward all audit logs to /var/log/messages.

    Restart the service as root to incorporate the change:

    # service auditd restart

    NOTE: When using the high governance audit rules, there is an increase in the amount of logging traffic that may warrant reconfiguration of both the q_depth and the priority_boost of the audit dispatcher daemon. The configuration file is located in /etc/audisp/audispd.conf. Using the vi editor as root, edit the following entries:

    q_depth = 80 (recommendation for high governance audit logs is at least 1280)

    priority_boost = 4 (recommendation for high governance audit logs is at least 8)

    Restart the service as root to incorporate the change:

    # service auditd restart
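    The syslog plugin switch and the two dispatcher thresholds above can be verified after editing rather than read by eye. The script below is an added example, not part of the VMware guide; the function names and sample file contents are constructed, and the minimums 1280 and 8 are the guide's recommendations for high governance audit logs.

```shell
#!/bin/sh
# Added example (not from the guide): check the audit-forwarding settings discussed above.

# conf_get KEY FILE: value of "key = value"; spaces around "=" are optional
# (the guide shows both "active = no" and "active=yes"); "#" comment lines are skipped.
conf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }
    ' "$2"
}

# at_least KEY FILE MIN: succeed if KEY is a number >= MIN, else print a finding and fail.
at_least() {
    val=$(conf_get "$1" "$2")
    case $val in
        ''|*[!0-9]*) echo "$1: missing or not a number"; return 1 ;;
    esac
    [ "$val" -ge "$3" ] && return 0
    echo "$1 = $val is below $3"
    return 1
}

# check_audit_forwarding AUDISPD_CONF SYSLOG_PLUGIN_CONF
# Prints findings and returns how many there were (0 means compliant).
check_audit_forwarding() {
    findings=0
    at_least q_depth "$1" 1280 || findings=$((findings + 1))
    at_least priority_boost "$1" 8 || findings=$((findings + 1))
    if [ "$(conf_get active "$2")" != yes ]; then
        echo "syslog plugin is not active"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files: the untuned values shown in the guide, and a tuned set.
make_audit_samples() {
    dir=$(mktemp -d)
    printf '%s\n' 'q_depth = 80' 'priority_boost = 4' > "$dir/audispd.conf"
    printf '%s\n' 'active = no' > "$dir/syslog.conf"
    printf '%s\n' '# tuned' 'q_depth = 1280' 'priority_boost = 8' > "$dir/audispd.tuned"
    printf '%s\n' 'active=yes' > "$dir/syslog.tuned"
    echo "$dir"
}

d=$(make_audit_samples)
check_audit_forwarding "$d/audispd.conf" "$d/syslog.conf"
rm -rf "$d"
```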

    NOTE: When using the high governance audit rules, there is an increase in the size of log files. To decrease the number of stored logs on the hardened appliances (this assumes log forwarding has been configured), customers can tune the number of daily log files stored by modifying the rotation number. All log rotation configurations are stored in /etc/logrotate.d.

    To control the number of stored daily log files for syslog, edit the /etc/logrotate.d/syslog file as root. Modify all of the “rotate 15” entries with the vi editor to the number of days to store local logs. The recommended number of days for centralized log services is at least 7.

    To control the number of stored daily log files for the audit daemon, edit the /etc/logrotate.d/audit file as root. Modify the “rotate 15” entry with the vi editor to the number of days to store local audit logs. The recommended number of days for centralized audit log services is at least 7.

    Boot Loader (Grub) Password

    All hardened appliances have the ability to protect the appliance with a password for modification of the default boot settings. To verify its configuration, read the /boot/grub/menu.lst file. The third line should contain:

    password --md5 $1$(followed by additional characters)

    To change or add a password for Grub, run the following procedure as root:

    # grub

    The grub shell will appear.

    Run the “md5crypt” command to create the hashed password. Once you type in a password, the hash will be presented. Copy the password. Run the “quit” command to return to the root shell.


    Use the vi editor as root to modify the /boot/grub/menu.lst file. Add the following to the third line of the file:

    password --md5 md5hash

    Paste the md5 encrypted hash to the end of the entry, and save the file.

    NFS and NIS

    All hardened appliances come prepacf neither of the two services are required, it is recommended that they are disabled. To disable the services in the hardened virtual appliances, run the following set of commands as root:

    # ch