VMware GOLD vApp STIG Assessment and Remediation Tool (START)
This Fling provides Security Content Automation Protocol (SCAP) based assessment and remediation capabilities on any remote Linux machine running OpenSCAP. It can be used to assess compliance, provide Ansible-based remediation, and harden the target OS.
Unlike most Flings, there is nothing to download directly from this website. Rather, head over to the Instructions page to find out how to install and use this Fling.
This Fling is not dependent on any VMware product. This is an independent Docker container-based tool. Follow the videos to get started and use it.
To learn how to use this Fling, please watch the following videos:
- Installation and setup
- Installing OpenSCAP on Target
- Managing STIGs
- Assessing Remote Machine Using XCCDF
- Assessing Remote Machine Using OVAL
- Remediating Remote Machine
- Hardening Remote Machine
- The difference between remediation and hardening is that in remediation fixes are applied selectively only for non-compliant results, whereas in hardening all the fixes are applied irrespective of their compliance status.
- Viewing Historical Reports
- You can see assessment reports, remediation reports and hardening reports. The reports are time stamped and have details such as machine and profile names for easy identification.
- Getting Started in CLI Mode
- Fixing Results in CLI Mode
- Comparing Results in CLI Mode
- The gold command provides two types of comparison options. You can compare the last two reports of a machine or you can provide the two xml results you want to compare.
- Cool Hacks
- More details on the Dockerfile that was use to build this container image