updating vcf 5 content for 5.1 release

vmware · Nov 7, 2023 · da618a0 · da618a0
1 parent f461b0a
commit da618a0
Show file tree

Hide file tree

Showing 59 changed files with 546 additions and 246 deletions.
diff --git a/saf-manifest.json b/saf-manifest.json
@@ -49,41 +49,41 @@
     "version": "8",
     "vendor": "VMware",
     "guidance": {
-      "name": "VMware vSphere 8 STIG Readiness Guide",
-      "version": "V1R2",
-      "date": "September 21, 2023",
+      "name": "VMware vSphere 8 STIG",
+      "version": "V1R1",
+      "date": "November 03, 2023",
       "source": "https://core.vmware.com/resource/vmware-vsphere-8-stig-readiness-guide",
-      "type": "STIG Readiness Guide",
+      "type": "Official STIG",
       "category": "Virtual Platforms"
     },
     "hardening": [
       {
-        "name": "VMware vSphere vCenter Appliance 8.0 STIG Readiness Guide Ansible Playbook",
-        "version": "V1R2",
-        "date": "September 21, 2023",
+        "name": "VMware vSphere vCenter Appliance 8.0 STIG Ansible Playbook",
+        "version": "V1R1",
+        "date": "November 03, 2023",
         "source": "https://github.com/vmware/dod-compliance-and-automation/tree/master/vsphere/8.0/vcsa/ansible/vmware-vcsa-8.0-stig-ansible-hardening",
         "platform": "Ansible"
       },
       {
-        "name": "VMware vSphere 8.0 STIG Readiness Guide PowerCLI",
-        "version": "V1R2",
-        "date": "September 21, 2023",
+        "name": "VMware vSphere 8.0 STIG PowerCLI",
+        "version": "V1R1",
+        "date": "November 03, 2023",
         "source": "https://github.com/vmware/dod-compliance-and-automation/tree/master/vsphere/8.0/vsphere/powercli",
         "platform": "Powershell"
       }
     ],
     "validation": [
       {
-        "name": "VMware vSphere vCenter Appliance 8.0 STIG Readiness Guide Chef InSpec Profile",
-        "version": "V1R2",
-        "date": "September 21, 2023",
+        "name": "VMware vSphere vCenter Appliance 8.0 STIG Chef InSpec Profile",
+        "version": "V1R1",
+        "date": "November 03, 2023",
         "source": "https://github.com/vmware/dod-compliance-and-automation/tree/master/vsphere/8.0/vcsa/inspec/vmware-vcsa-8.0-stig-baseline",
         "platform": "InSpec"
       },
       {
-        "name": "VMware vSphere 8.0 STIG Readiness Guide Chef InSpec Profile",
-        "version": "V1R2",
-        "date": "September 21, 2023",
+        "name": "VMware vSphere 8.0 STIG Chef InSpec Profile",
+        "version": "V1R1",
+        "date": "November 03, 2023",
         "source": "https://github.com/vmware/dod-compliance-and-automation/tree/master/vsphere/8.0/vsphere/inspec/vmware-vsphere-8.0-stig-baseline",
         "platform": "InSpec"
       }
@@ -273,27 +273,27 @@
     "version": "5.x",
     "vendor": "VMware",
     "guidance": {
-      "name": "VMware Cloud Foundation 5.0 STIG Readiness Guide",
-      "version": "V1R1",
-      "date": "June 1, 2023",
+      "name": "VMware Cloud Foundation 5.1 STIG Readiness Guide",
+      "version": "V1R2",
+      "date": "November 07, 2023",
       "source": "https://core.vmware.com/resource/vmware-cloud-foundation-50-stig-readiness-guide",
       "type": "STIG Readiness Guide",
       "category": "Virtual Platforms"
     },
     "hardening": [
       {
-        "name": "VMware Cloud Foundation 5.0 STIG Readiness Guide Ansible Playbook",
+        "name": "VMware Cloud Foundation 5.1 STIG Readiness Guide Ansible Playbook",
         "version": "V1R1",
-        "date": "June 1, 2023",
+        "date": "November 07, 2023",
         "source": "https://github.com/vmware/dod-compliance-and-automation/tree/master/vcf/5.x/ansible/vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening",
         "platform": "Ansible"
       }
     ],
     "validation": [
       {
-        "name": "VMware Cloud Foundation 5.0 STIG Readiness Guide Chef InSpec Profile",
+        "name": "VMware Cloud Foundation 5.1 STIG Readiness Guide Chef InSpec Profile",
         "version": "V1R1",
-        "date": "June 1, 2023",
+        "date": "November 07, 2023",
         "source": "https://github.com/vmware/dod-compliance-and-automation/tree/master/vcf/5.x/inspec/vmware-cloud-foundation-sddcmgr-5x-stig-baseline",
         "platform": "InSpec"
       }

diff --git a/vcf/5.x/README.md b/vcf/5.x/README.md
@@ -1,8 +1,18 @@
 # VMware Cloud Foundation 5.x DoD STIG Compliance and Automation
+*STIG Status: STIG Readiness Guide Version 1 Release 2*  
 
-## Overview
-*STIG Status: STIG Readiness Guide Version 1 Release 1*
+## Compatibility
+The STIG Readiness Guide Version 1 Release 2 is intended for 5.1 builds only. If you are still on 5.0 please reference the STIG Readiness Guide Version 1 Release 1 of the guidance and automation available [here](https://github.com/vmware/dod-compliance-and-automation/tree/archive-vcf-50).  
+
+|                |        V1R1*       |         V1R2*      |
+|:--------------:|:------------------:|:------------------:|
+|     5.0        | :heavy_check_mark: |         :x:        |
+|     5.0.0.1    | :heavy_check_mark: |         :x:        |
+|     5.1        |        :x:         | :heavy_check_mark: |
 
+\* Denotes STIG Readiness Guide
+
+## Overview
 This project folder contains content for compliance auditing and remediation of the VMware Cloud Foundation 5.x STIG Readiness Guide.
 
 The VMware Cloud Foundation 5.x Security Technical Implementation Guides (STIGs) provide security policy and configuration requirements for the use of VMware Cloud Foundation 5.x in the Department of Defense (DoD). The VMware Cloud Foundation 5.x STIG is comprised of the following:

diff --git a/.../ansible/vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening/CHANGELOG.md b/.../ansible/vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Change Log
 
+## [5.0 Version 1 Release 2] (2023-11-03)
+
+#### Release Notes
+- Updated to support VCF 5.1.
+- Updated Photon dependency from 3 to 4.
+- Updated syslog template for common services.
+- Updated psql command path.
+
 ## [5.0 Version 1 Release 1] (2023-06-01)
 
 #### Release Notes

diff --git a/...5.x/ansible/vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening/README.md b/...5.x/ansible/vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening/README.md
@@ -1,14 +1,14 @@
 # vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening
 VMware Cloud Foundation SDDC Manager 5.x Appliance STIG Readiness Guide Ansible Playbook  
-Version: Version 1 Release 1: June 1, 2023    
+Version: Version 1 Release 2: November 7, 2023    
 STIG Type: STIG Readiness Guide  
 
 ## Overview
 This is a hardening playbook that utilizes Ansible to perform automated remediation for STIG compliance of the VMware Cloud Foundation SDDC Manager 5.x Appliance STIG Readiness Guide.  
 
 ## !!Important!!
 - Please read through the README carefully and familiarize yourself with the playbook and ansible before running this playbook
-- As always please ensure you have a backout plan if needed you can roll back the changes
+- As always please ensure you have a back out plan if needed you can roll back the changes
 - In order to run the Photon role it must be installed as a role so that this playbook may find it
 - This playbook has not been tested for forward or backward compatibility beyond the version of SDDC Manager listed under requirements.
 

diff --git a/vcf/5.x/ansible/vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening/playbook.yml b/vcf/5.x/ansible/vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening/playbook.yml
@@ -1,9 +1,16 @@
 - name: vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening
   hosts: all
   roles:
-    - role: vmware-photon-3.0-stig-ansible-hardening
+    - role: vmware-photon-4.0-stig-ansible-hardening
       vars:
-        var_syslog_authpriv_log: '/var/log/audit/sshinfo.log'
+        # Set to true or false to configure dod banner for ssh
+        run_etc_issue_dod: false
+        # Disable N/A Photon Controls
+        run_enable_selinux: false
+        run_selinux_install: false
+        run_time_sync: false
+        run_install_aide: false
+        run_aide_config: false
     - role: application
     - role: commonsvcs
     - role: domainmanager

diff --git a/vcf/5.x/ansible/vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening/requirements.yml b/vcf/5.x/ansible/vmware-cloud-foundation-sddcmgr-5x-stig-ansible-hardening/requirements.yml
@@ -1,6 +1,6 @@
 ---
 # Pull Photon role from Gitlab
 roles:
-  - src: https://github.com/vmware/dod-compliance-and-automation/tree/master/photon/3.0/ansible/vmware-photon-3.0-stig-ansible-hardening
+  - src: https://github.com/vmware/dod-compliance-and-automation/tree/master/photon/4.0/ansible/vmware-photon-4.0-stig-ansible-hardening
     scm: git
     version: master
diff --git a/...ddcmgr-5x-stig-ansible-hardening/roles/commonsvcs/templates/stig-services-commonsvcs.conf b/...ddcmgr-5x-stig-ansible-hardening/roles/commonsvcs/templates/stig-services-commonsvcs.conf
@@ -1,6 +1,6 @@
 module(load="imfile" mode="inotify")
 input(type="imfile"
-      File="/var/log/vmware/vcf/commonsvcs/vcf-commonsvcs.log"
+      File="/var/log/vmware/vcf/commonsvcs/*.log"
       Tag="vcf-commonsvcs-runtime"
       Severity="info"
       Facility="local0")