The VxRail_STIG.ps1 script is a consolidated, menu-driven tool for hardening components in your system. This section describes how to launch the script and provides descriptions and workflows of each menu item.
The VxRail STIG Hardening Package includes two types of script files:
- PowerShell script file, with file extension .ps1
- Linux bash shell script file, with file extension .sh
After you start the PowerShell VxRail_STIG.ps1 script, a dialog window opens in which users select the directory where the log file is saved. The log file takes the base name of the script, VxRail STIG, with the script start timestamp appended: VxRail STIG.<StartTimeStamp>.log. Similarly, the bash script generates a log file and automatically saves it in the directory where the script is located on the VxRail Manager. That log file has the same name as the script, but with the extension .log. These are options and they do not all have to be selected or executed.
Prerequisites: Create snapshots of all VMs before running the scripts.
- Open an elevated PowerShell prompt.
- Run the VxRail_STIG.ps1 script.
- Select the path for the log file using the Open Folder dialog window.
- Enter the following in response to each of the script prompts:
  - Accept the default or go to the location of plink.exe.
  - Enter FQDN or IP address of the VxRail Manager.
  - Enter the password for the mystic user account.
  - Enter the password again to confirm.
  - Enter the username of an account with the vCenter Administrator privileges to connect to vCenter.
  - Enter the password for the user account.
  - Enter the password again to confirm.
  - Accept the default or change the ESXi management account.
  - Enter the password for the user account.
  - Enter the password again to confirm.
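The prerequisite and the first launch steps above can be checked in one pass before the hardening script is started. The following is an added example, not part of the VxRail STIG Hardening Package: it assumes VMware PowerCLI is installed, and the plink.exe path, snapshot name, and parameter names are placeholders chosen for illustration.

```powershell
# Added example: pre-flight checks before launching VxRail_STIG.ps1.
# Assumptions: VMware PowerCLI is installed; parameter names and defaults are hypothetical.
#Requires -RunAsAdministrator
#Requires -Modules VMware.VimAutomation.Core
param(
    [Parameter(Mandatory)] [string] $VCenter,                      # vCenter FQDN or IP address
    [string] $PlinkPath    = 'C:\Program Files\PuTTY\plink.exe',   # assumed plink.exe location
    [string] $SnapshotName = "pre-STIG-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
)

# The hardening script prompts for plink.exe, so confirm it exists first.
if (-not (Test-Path -LiteralPath $PlinkPath -PathType Leaf)) {
    throw "plink.exe not found at '$PlinkPath'."
}

# Prompt for the account rather than taking a password on the command line,
# so the credential does not end up in console history or transcripts.
$cred = Get-Credential -Message 'Account with vCenter Administrator privileges'
$vi   = Connect-VIServer -Server $VCenter -Credential $cred -ErrorAction Stop

try {
    # Prerequisite: snapshot every VM so a failed hardening step can be rolled back.
    foreach ($vm in Get-VM -Server $vi) {
        try {
            New-Snapshot -VM $vm -Name $SnapshotName `
                -Description 'Taken before STIG hardening' -ErrorAction Stop | Out-Null
        } catch {
            Write-Warning "Snapshot failed for $($vm.Name): $($_.Exception.Message)"
        }
    }

    # Verify instead of trusting the loop: every VM must now carry the snapshot.
    $missing = Get-VM -Server $vi | Where-Object {
        -not (Get-Snapshot -VM $_ -Name $SnapshotName -ErrorAction SilentlyContinue)
    }
    if ($missing) {
        throw "No '$SnapshotName' snapshot on: $($missing.Name -join ', ')"
    }
    Write-Host "All VMs have snapshot '$SnapshotName'. Proceed with VxRail_STIG.ps1."
} finally {
    # Always drop the vCenter session, even when a check fails.
    Disconnect-VIServer -Server $vi -Confirm:$false
}
```

Remove the snapshots once the hardened system has been validated, since long-lived snapshots grow and degrade VM performance.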
Display All Targets
The Display All Targets option displays all vCenter Servers, VxRail nodes, and VxRail deployed virtual machine targets.
- At the menu prompt of the VxRail main hardening script, type 1 and then press Enter. The script displays all VxRail deployed components, regardless of their hardened state.
- Press Enter to return to the main menu.
Harden All
The Harden All option applies the respective STIG configurations to all VxRail-deployed components in the cluster.
- At the menu prompt of the VxRail main hardening script, enter 3 and then press Enter. This option is equivalent to running hardening workflows for the VMware vCenter Server, the VxRail nodes, and the VxRail-deployed VMs that correspond to menu options 4, 6, 7, and 8. The script applies the respective STIG configurations to all VxRail-deployed components in the cluster.
- Enter responses at the menu prompts. See the following options for workflows:
  - Harden All VxRail Nodes
  - Harden a VxRail-deployed VMware vCenter Server or PSC
  - Harden VxRail Manager
  - Harden other VxRail-deployed VMs
- Press Enter to return to the main menu.