3 Replies Latest reply on Jul 22, 2010 5:39 PM by dcundiff

    MVM scan of VMware ESX hosts

      Hello, I'm fairly new to the Foundstone / MVM appliance. I'm still in the process of implementing an MVM in our environment. Most platform scanning is no problems; Windows workstation / server scans and network device scans are all working and I'm cleaning up the reporting to eliminate what I don't want. I now need to know how to set up scanning of our VMware ESX hosts.

       

      The account permissions are what has got me stuck. I know the scan work similar to the Cisco IOS scans, but what I'm looking for is some advise on how to set up the login account for the VMware hosts to allow the scan to run ... without making it a full blown administrator.

       

      Can anyone provide some guidance?

       

      Cheers

       

      MattieP

        • 1. Re: MVM scan of VMware ESX hosts
          jhaynes

          Hi Mattie,

          Take a look at this KB54752 which I think will answer all of your questions.

           

          You can locate the KB system at this link.  https://mysupport.mcafee.com/Eservice/templatepage.aspx?sURL=3#

           

           

          Jeff Haynes

          1 of 1 people found this helpful
          • 2. Re: MVM scan of VMware ESX hosts

            Hi Jeffrey,

             

            Thanks for the response. As it turns out, this is the same response Support gave me when I logged a case for it. I'm looking for some more specific information for VMware ESX in particular.

             

            What I guess I'm really after is details from someone who has actually set this up for ESX scanning and how they have created the login, etc, etc.

             

            Cheers

            • 3. Re: MVM scan of VMware ESX hosts

              Mattie,

               

                 There isn't a specific way for us to assure you that you will identify as many vulns as MVM is capable of without providing root access.  The more access the MVM system has the more likely it is to identify vulnerabilities.  Even with ESX there is plenty of customization options, so the definitive way to be assured that you are providing the most accurate data is with root.  But MVM is also meant to be flexible enough for administrators to mold it to their needs.  That is why we provide the list of commands which MVM could run in any of our scripts which may be identified for that system.  It is up to you to determine how much or how little access you would like to grant to the system, for the user account you have working with MVM.  I hope this helps, there really is no exact answer, but hopefully we have provided you with the information necessary for you to be able to meet the needs of your particular environment.

               

              Dave