Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VMware_vSphere_8.0_STIG_VM_InSpec_Runner.ps1 won't generate Checklist file #244

Open
dmpastuf-rtx opened this issue Jul 22, 2024 · 2 comments
Open

VMware_vSphere_8.0_STIG_VM_InSpec_Runner.ps1 won't generate Checklist file #244

dmpastuf-rtx opened this issue Jul 22, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@dmpastuf-rtx
Copy link

Describe the bug

the VM Inspect Powershell script won't currently generate the checklist file, and throws an error "Error: Flat --ip expects a value";
The json file appears to be properly generated and output and the powershell cli when running indicates pass/fail properly;

It appears $mgmtip and $mgmtmac are not being declared based on observing the differences between VMware_vSphere_8.0_STIG_VM_InSpec_Runner.ps1:149 and VMware_vSphere_8.0_STIG_ESXi_InSpec_Runner.ps1:156 (and similar for the 2nd try block)

Reproduction steps

  1. Set the environmental values per https://github.com/vmware/dod-compliance-and-automation/tree/master/vsphere/8.0/v2r1-stig/vsphere/inspec/vmware-vsphere-8.0-stig-baseline README.MD
  2. Modify /inspec/vm/inspec.yml input "allvms" to 'true'
  3. run VMware_vSphere_8.0_STIG_VM_InSpec_Runner.ps1 with the required fields declared (-vcenter, -reportPath, -inspecPath; attestationFile has no impact on bug)
  4. Enter UN\Password
  5. Observe output reports only are limited to JSON; checklist is not generated

Expected behavior

Checklist file is generated for Each VM

Additional context

This occurs with the following software versions:
-PowerCLI 13.2.1 [currently latest though the min requirements mentions 13.3 which is presumably unreleased for GA yet]
-Powershell Core 7.3.4
-vCenter/ESXi 8.0 U3
-Inspec 6.6.0
-SAF CLI 1.4.8
@dmpastuf-rtx dmpastuf-rtx added the bug Something isn't working label Jul 22, 2024
@dmpastuf-rtx
Copy link
Author

dmpastuf-rtx commented Jul 22, 2024
edited
Loading

Addition of the following (or similar) appears to resolve this issue (at least for single NIC VMs);

$mgmtip = (Get-VM -Name $name).Guest.IPAddress
$mgmtmac(Get-VM -Name $name).Guest.Nics.MacAddress

Once each before the following lines:

https://github.com/vmware/dod-compliance-and-automation/blame/afddfe8359da106d240793a15f7c417246e56fcb/vsphere/8.0/v2r1-stig/vsphere/powercli/VMware_vSphere_8.0_STIG_VM_InSpec_Runner.ps1#L149

https://github.com/vmware/dod-compliance-and-automation/blame/afddfe8359da106d240793a15f7c417246e56fcb/vsphere/8.0/v2r1-stig/vsphere/powercli/VMware_vSphere_8.0_STIG_VM_InSpec_Runner.ps1#L198

@dmpastuf-rtx
Copy link
Author

dmpastuf-rtx commented Jul 22, 2024
edited
Loading

Seems like powered off VMs still throw an error with the above fix, and VMs with multiple IP addresses (or an IPv4 + IPv6) are not handled correctly

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dmpastuf-rtx