A Complete Guide to Easy VMWare Patch Management

Patch management is the process of distributing and applying updates to software, crucial for security, compliance, and system uptime. Mondoo offers a solution to identify missing patches and facilitate their deployment across your infrastructure, ensuring a robust security posture.

Patrick Münch

What is patch management?

Patch management is the process of distributing and applying updates to software, such as operating systems (OS), platforms, and applications. It involves identifying outdated software within your infrastructure, applying patches to that software, and validating the installation of those patches. These patches are often necessary to fix errors in the software, which are commonly referred to as vulnerabilities or bugs.

Why is patch management important?

Patch management is important for three main reasons:

  • Security: Patch management fixes vulnerabilities in your software (OS, platform, application) that are susceptible to exploitation. It helps your organization to reduce the risk of cyberattacks.
  • Compliance: Organizations are often required by regulators to follow strict guidelines because of the constant increase in cyberattacks. Patch management is a necessary part of complying with certain standards, such as PCI DSS, HIPAA, SOC 2, ISO 27001, or BSI.
  • System uptime: Patch management ensures your software is kept up-to-date and running smoothly without errors causing system downtime.

Finding missing patches with Mondoo

As part of its full-stack security solution, Mondoo identifies which important patches are missing from your systems. For this blog post, I set up some Vagrant Linux machines with out-of-date operating systems. I'll use them to walk through some different ways that Mondoo shows you the patches needed.

Prerequisite: Please create a free account on console.mondoo.com.

Find missing patches using Mondoo Client

Install and register Mondoo Client on Linux or Windows systems. Alternatively, you can use the Mondoo VMware appliance. For this blog post, I will use the Mondoo VMware appliance.

  1. Follow our documentation to deploy the Mondoo VMware appliance.

  2. Register Mondoo Client:

a. Log into your account at console.mondoo.com.


b. Go to the INTEGRATIONS page, scroll to Cloud Security, and select VMware.


c. Find the Install Mondoo Client box. Copy the CLI commands Mondoo provides and paste them into the shell of the Mondoo VMware appliance.

Bash
export MONDOO_REGISTRATION_TOKEN="eyJhbGciOiJFUzM4NCIsInR5cCI6IkpXVCJ9..."
sudo mondoo register -t $MONDOO_REGISTRATION_TOKEN

d. Quickly verify that the following policies are enabled for your space:

  • Platform End-of-Life Policy by Mondoo
  • Platform Vulnerability Policy by Mondoo

Your POLICY HUB should look like this:

[Screenshot: Policy Hub with both policies enabled]

  3. Run the Mondoo scan

a. Scan a single ESXi host:

In the shell of the Mondoo VMware appliance, type:

Bash
mondoo scan vsphere root@<esxi ip> --ask-pass --discover host-machines

Mondoo Client connects to Mondoo Platform and downloads the enabled policies. After the scan, Mondoo Client reports results back to Mondoo Platform.

b. Scan a complete VMWare cluster:

In the shell of your Mondoo VMware appliance, type:

Bash
mondoo scan vsphere <user>@vsphere.local@<vcenter ip> --ask-pass --discover host-machines

Mondoo Client connects to Mondoo Platform and downloads the enabled policies. After the scan, Mondoo Client reports results back to Mondoo Platform.
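To scan more than one target with the two commands above, the following POSIX shell wrapper (an added example, not part of the original post or of Mondoo's tooling) reads a small inventory, validates each entry, and builds the exact `mondoo scan vsphere ... --ask-pass --discover host-machines` invocation for ESXi hosts and vCenter servers. The inventory format and `MONDOO_DRY_RUN` variable are assumptions of this example; `--ask-pass` still prompts for each target's password, as in the post.

```shell
#!/bin/sh
# Added example: build (and optionally run) the scan commands from the post
# for every target in an inventory file. Inventory format (constructed here):
#   esxi <ip>             -> mondoo scan vsphere root@<ip> --ask-pass --discover host-machines
#   vcenter <user> <ip>   -> mondoo scan vsphere <user>@vsphere.local@<ip> --ask-pass --discover host-machines
# Lines starting with '#' and blank lines are ignored.

# Return 0 if $1 is a dotted-quad IPv4 address with octets 0..255, else 1.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  old_ifs=$IFS; IFS=.
  for oct in $1; do [ "$oct" -le 255 ] || { IFS=$old_ifs; return 1; }; done
  IFS=$old_ifs
}

# Print the scan command for one inventory entry; return 1 if it is malformed.
build_scan_cmd() {
  kind=$1; a=$2; b=$3
  case "$kind" in
    esxi)    is_ipv4 "$a" || return 1
             echo "mondoo scan vsphere root@$a --ask-pass --discover host-machines" ;;
    vcenter) [ -n "$a" ] && is_ipv4 "$b" || return 1
             echo "mondoo scan vsphere $a@vsphere.local@$b --ask-pass --discover host-machines" ;;
    *)       return 1 ;;
  esac
}

# Process every entry in the inventory file $1. With MONDOO_DRY_RUN=1 the
# commands are only printed; otherwise each one is executed in turn.
# Returns 1 if any entry was malformed or any scan failed.
scan_inventory() {
  rc=0
  while read -r kind a b; do
    [ -z "$kind" ] && continue
    case "$kind" in \#*) continue ;; esac
    if cmd=$(build_scan_cmd "$kind" "$a" "$b"); then
      if [ "${MONDOO_DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else $cmd || rc=1; fi
    else
      echo "skipping malformed inventory line: $kind $a $b" >&2; rc=1
    fi
  done < "$1"
  return $rc
}
```

Run it as `MONDOO_DRY_RUN=1 sh scan.sh` after adding `scan_inventory inventory.txt` at the bottom to review the commands before letting them execute on the appliance.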

On the Mondoo Space OVERVIEW page, you can see the VMware cluster and the top vulnerabilities within the Space:


Select FLEET and then select the Windows asset to see the Mondoo Asset OVERVIEW page of an ESXi system.


Select Platform Vulnerabilities to see the Advisories and CVEs that affect the system. Mondoo shows:

  • An overview of the advisories and CVEs
  • How critical the vulnerability is


If you select POLICY HUB, Platform Vulnerability Policy by Mondoo, and Advisories, you see an overview of all advisories within the VMware Space. For each advisory, Mondoo shows:

  • When it was found
  • How many assets have it
  • The fix status

[Screenshot: Platform Vulnerability Policy advisories view]

To scan your VMware cluster continuously, follow the instructions in our documentation.

Don't stop at scanning the machines I set up for this exercise! You can follow the same steps to scan your own infrastructure. Mondoo's full-stack security solution identifies vulnerabilities and provides steps to fix the problems. Keep scanning and discover how you can harden your systems. If you have questions, we'd love to help.

About the Author

Patrick Münch

Co-Founder & CISO

Chief Information Security Officer (CISO) at Mondoo, Patrick is highly skilled at protecting and hacking every system he gets his hands on. He built a successful penetration testing and incident response team at SVA GmbH, whose goal was to increase the security level of companies and limit the impact of ransomware attacks. Now, as part of the Mondoo team, Patrick can help protect far more organizations from cybersecurity threats.
