Tuesday, August 12, 2008

VMware disk space DoS

So I have been reading the VMware security hardening guide (http://blogs.vmware.com/security/2008/07/update-to-vi3-s.html) and I came across several interesting notes. This one caught my eye:

"Virtual machines can write troubleshooting information to a virtual machine log file (vmware.log) stored on the VMware VMFS volume used to store other files for the virtual machine. Virtual machine users and processes can be configured to abuse the logging function, either intentionally or inadvertently, so that large amounts of data flood the log file. Over time, the log file can consume so much of the ESX/ESXi host’s file system space that it fills the hard disk, causing an effective denial of service as the datastore can no longer accept new writes."

So, I decided to write some code that would do just that. There are many, many ways to achieve this, one of them being a script that invokes the xferlog program that comes with VMware Tools. This method also caused about 50% of the CPU resources to be consumed on the host. It was necessary to throttle my script back a little, though, or else it set off an alarm on the host and stopped the logging process. But with the throttled script I can fill about 0.5 MB/min of disk space.

Attack mitigation:

Use the following VM settings in the .vmx file. The first pair keeps rotating vmware.log once it reaches rotateSize bytes and retains keepOld rotated copies, so the whole log set is capped at roughly rotateSize * (keepOld + 1) bytes, about 1.1 MB with these values:

log.rotateSize = "100000"
log.keepOld = "10"

or stop the guest from writing to vmware.log at all:

isolation.tools.log.disable = "TRUE"

Rotation is the safer default: disabling the log entirely also throws away the troubleshooting information VMware support asks for, while the rotation cap still bounds what a flooding guest can cost you.
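As an added example that is not part of the original post and not VMware's own tooling, here is a POSIX shell audit helper that checks each VM's .vmx for either mitigation and lists vmware.log files that have already outgrown the rotation size. It covers the measurement side of the flooding experiment above (watching vmware.log grow) as well as the mitigation check. The function names, the verdict words and the sample .vmx files it writes are this example's own assumptions; the key names are the ones from the hardening guide.

```shell
#!/bin/sh
# Added audit helper, not code from the original post or from VMware.
# Reads .vmx files and reports whether the vmware.log growth mitigation is in
# place, and lists oversized vmware.log files under a datastore path.
# Assumed: .vmx lines use the usual  key = "value"  form; the verdict words
# ("disabled", "bounded", "unbounded") and function names are this example's own.

# vmx_get FILE KEY: print KEY's value with quotes stripped, or nothing if absent.
# Keys are compared case-insensitively, so "Isolation.tools.log.disable"
# and "isolation.tools.log.disable" both match.
vmx_get() {
    _key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -F= -v key="$_key" '
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (tolower(k) == key) {
                v = $2; gsub(/^[ \t"]+|[ \t"]+$/, "", v)
                print v; exit
            }
        }' "$1"
}

# check_vmx FILE: print "FILE: verdict" and return 0 only if the log is capped.
#   disabled   isolation.tools.log.disable is TRUE: guest writes never reach vmware.log
#   bounded    rotation caps the log set at rotateSize * (keepOld + 1) bytes
#   unbounded  neither is set: a flooding guest can grow vmware.log until the datastore is full
check_vmx() {
    _f=$1
    _disable=$(vmx_get "$_f" isolation.tools.log.disable | tr 'A-Z' 'a-z')
    _rotate=$(vmx_get "$_f" log.rotateSize)
    _keep=$(vmx_get "$_f" log.keepOld)
    if [ "$_disable" = "true" ]; then
        echo "$_f: disabled"
        return 0
    fi
    # Both values must be present and numeric before the cap is trusted;
    # a missing rotateSize with keepOld set still means no cap.
    if [ "$_rotate" -eq "$_rotate" ] 2>/dev/null && [ "$_keep" -eq "$_keep" ] 2>/dev/null; then
        echo "$_f: bounded $((_rotate * (_keep + 1))) bytes"
        return 0
    fi
    echo "$_f: unbounded"
    return 1
}

# find_big_logs DIR MAX_BYTES: list vmware.log and rotated vmware-N.log files
# under DIR larger than MAX_BYTES (the rotateSize you expect is a good limit).
# Returns 0 when nothing is over the limit.
find_big_logs() {
    _found=$(find "$1" -name 'vmware*.log' -type f -size +"$2"c)
    [ -z "$_found" ] && return 0
    printf '%s\n' "$_found"
    return 1
}

# write_samples DIR: constructed sample data for this example: three .vmx files
# (capped, disabled, unbounded) and a 200000-byte dummy log for the unbounded VM.
write_samples() {
    mkdir -p "$1/vm1" "$1/vm2" "$1/vm3"
    printf '%s\n' 'displayName = "vm1"' 'log.rotateSize = "100000"' 'log.keepOld = "10"' > "$1/vm1/vm1.vmx"
    printf '%s\n' 'displayName = "vm2"' 'Isolation.tools.log.disable = "TRUE"' > "$1/vm2/vm2.vmx"
    printf '%s\n' 'displayName = "vm3"' 'log.keepOld = "10"' > "$1/vm3/vm3.vmx"
    dd if=/dev/zero of="$1/vm3/vmware.log" bs=1000 count=200 2>/dev/null
}

# Stand-alone demo over the constructed samples. On a real host, run check_vmx
# over /vmfs/volumes/*/*/*.vmx and find_big_logs /vmfs/volumes 100000 instead.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for vmx in "$demo_dir"/*/*.vmx; do
    check_vmx "$vmx" || :
done
find_big_logs "$demo_dir" 100000 || :
rm -rf "$demo_dir"
```

Run it periodically (or from a cron job on the host) and alert on any "unbounded" verdict or any listed log file; a vmware.log that is already past rotateSize on a VM that claims to rotate is exactly the condition the hardening guide warns about.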
