Versions Compared

Old Version 12

changes.mady.by.user Allan Cornwell

Saved on

compared with

New Version Current

changes.mady.by.user Amanda McGown

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This guide will walk through conducting an ESXi version 6.7, 7.0, or 78.0 Benchmark assessment using the CIS-CAT Pro Assessor v4 GUI (Windows only). Assessor utilizes components of VMware PowerCLI to validate settings and gather information during the scan.

For more information on this process, please refer to the Configuration Guide:
https://ccpaciscat-assessor.docs.readthedocscisecurity.ioorg/en/latest/Configuration%20Guide/#vmware-esxi-assessment

Requirements

  • An ESXi 6.7, 7.0, or 78.0 host reachable on port 443 along with administrative or root credentials.

  • PowerShell installed on the Windows system running Assessor
    (included by default in Windows 7 SP1 / Windows Server 2008 R2 and later):
    https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.2

  • The PowerShell VMware.VimAutomation.Core module contained in VMware PowerCLI.

    • Open an administrative PowerShell prompt and enter:
      Install-Module -Name VMware.PowerCLI

    • Verify the installation succeeded with:
      Get-Module VMware.* -listAvailable
      Included in the output list should be the required VMware.VimAutomation.Core module:

Implementation Steps

1

Verify PowerCLI is installed before running CIS-CAT Pro Assessor v4 (see above).

2

Launch Assessor-GUI.exe as Administrator (right-click -> “Run as administrator”).

Image Modified
3

Select the “Advanced” → “Add Remote or Local Target System” option:

Image Modified

4

In the following screen, enter the required prompts.

  • Fill in the “Target System Name” (cannot start with a number, contain spaces or special characters). This entry does not need to match the ESXi hostname and is used for reporting only.

  • Set the “Target System Type” to “Local”

Note

This choice may be counterintuitive (as the target ESXi host is not local),
but is required as the assessment itself is carried out via PowerShell from the local host.

  • Under “Benchmarks”, choose the applicable Benchmark (either ESXi 6.7, 7.0, or

7

  • 8.0)
    as well as your desired Profile level (L1 or L2), then select “Add”.

Image Modified
5

You will be prompted for a connection string to your ESXi host.

Image Modified

Enter your ESXi username (such as root), followed by / and the password, and finally the connection IP or hostname after the @ character. Example:
root/mysecurepassword@192.168.41.60

Select “OK“ followed by “Save” in the bottom right to proceed to the next screen.

6

Review your settings and choose “Next” (no connection test is necessary for this assessment).

Image Modified
7

Under “Report Output Options”, select your desired reporting formats (HTML is recommended) and choose “Next” to launch the ESXi assessment.

Image Modified

CLI & Troubleshooting Steps

...

Note

For continued issues with ESXi assessments, please open a ticket with CIS Product Support including the following information and INFO-level log files:

Diagnostic / debug information to troubleshoot CIS-CAT PRO Pro Assessor v4 issues.

...

 

Copyright © 2022 2024 Center for Internet Security® Privacy Policy

 

Page Properties
hiddentrue

Action

Name(s)

Date

Linked ticket

Created by

Reviewed by

SBP Product Technical Support Team (Amanda McGown Allan Cornwell Amar Malik (Unlicensed) Andrew Dannenberger Chris Boldiston Nick Romanzo Parami Swenson (Unlicensed))

Updated

09/26/24 Amanda McGown

Added v8 to thr list of acceptable hosts

Approved by

Remove by

...