Open pbarrette opened 1 year ago
Yea we technically can't fix these VMs in 7 but they aren't necessarily excluded from being compliant either the way things are currently written (they didn't exist until later versions of 7). We'll have to reconsider this in a future update after the official STIG is out.
In 8.0 this won't be an issue as these VMs are all compliant with the guidance when that comes out.
Describe the bug
Executing a scan against all VMs results in failures on multiple controls for vCLS-X VMs.
My understanding is that the configuration of the vCLS machines is not supposed to be changed. Additionally, attempting to modify them results in an error.
Reproduction steps
Expected behavior
The STIG should be updated to note that vCLS machines are exempt from the failing controls.
If they should not be exempt, VMware should be creating the vCLS machines with the proper controls already applied.
The inspec controls should be updated to ignore the vCLS VMs and produce a compliant scan.
Additional context
I've changed the following line in all VMCH controls from:
vms = powercli_command('Get-VM | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub("\r\n", "\n").split("\n")
To:
vms = powercli_command('Get-VM | Where-Object { $_.Folder -notmatch "vCLS" } | Sort-Object Name | Select -ExpandProperty Name').stdout.gsub("\r\n", "\n").split("\n")
This ignores all VMs in the vCenter created "vCLS" folder.