Just found this from Duncan’s blog today and I think is important to share with every VMware administrator. The security hardening reference guides are available from VMware now. You can read the full details from here. I will suggest all the VMware administrator to read this and consider to implement the necessary configuration to secure the virtual infrastructure. These documents are not final yet and still in draft version but I do find it is helpful for everyone to understand and consider about the security hardening from every aspect.
Read more »
You can easily found “how to reset the root password on ESX” articles on the web for an example VMware KB article 1317898, xtravirt, or Petri.
However, unauthorized entry into single user mode is a risk. For security enhancement, you should enable password protect GRUB and enable root password for single user mode on vSphere 4.
How To Enable Root Password for Single User Mode on vSphere 4
- Login to vSphere server as root
- Edit /etc/inittab file
- # vi /etc/inittab
- Insert “~~:S:wait:/sbin/sulogin” and reboot
What is this mean?
man inittab shows
id:runlevels:action:process
id = is a unique sequence of 1-4 characters which identifies an entry in inittab
runlevels = lists the runlevels for which the specified action should be taken
action = describes which action should be taken.
process = specifies the process to be executed.
S = Single user mode
wait = The process will be started once when the specified runlevel is entered and init will wait for its termination.
- You should be able to see password prompt during single user mode boot up
Read more »
