VMware Harden (Compliance & Baseline)

Disclaimer: This is a community-maintained open-source project and is not affiliated with, endorsed by, or sponsored by VMware, Inc. or Broadcom Inc. "VMware" and "vSphere" are trademarks of Broadcom. Source code is publicly auditable at github.com/zw008/VMware-Harden under the MIT license.

AI-native VMware compliance scanner: built-in CIS / DISA STIG / vSphere SCG / Dengbao 2.0 Level 3 / PCI-DSS baselines, drift detection, LLM-driven remediation advice, and a web dashboard.

Companion skills: vmware-aiops (inventory + collectors data source; host/VM remediation target), vmware-monitor (read-only inspection), vmware-storage (datastore remediation target), vmware-nsx (segment/gateway evidence), vmware-nsx-security (DFW evidence + remediation target), vmware-aria (metrics correlation), vmware-avi (load balancer evidence), vmware-vks (Tanzu Kubernetes evidence), vmware-pilot (remediation execution with approval gates), vmware-policy (audit log). See references/cross-skill-workflows.md for end-to-end remediation flows that span pilot + sibling skills.
What This Skill Does

| Category | Tools | Count | Read or Write |
|---|---|---|---|
| Baseline Management | 4 built-in baselines (CIS ESXi 8.0, vSphere SCG v8, Dengbao 2.0 L3, PCI-DSS 4.0) + custom YAML loader | 4+N | Read |
| Scanning | Multi-collector (vCenter, ESXi, NSX, vSAN, K8s) → typed Twin store | 1 pipeline | Read (no target writes) |
| Drift Detection | Snapshot diff, rule status diff, evidence diff | 3 types | Read |
| Remediation Advisor | LLM-driven (Anthropic) suggestions per violation; mock fallback when no key is set | 1 advisor | Read |
| Web Dashboard | FastAPI + Jinja2 read-only UI for violations / drift / advice | 1 server | Read |
| MCP Server | Compliance query tools | 6 | All Read |

Quick Install

```bash
uv tool install vmware-harden
vmware-harden baseline list
```

For first-time use, ensure a vmware-aiops target is configured (harden uses the aiops collectors) and optionally set ANTHROPIC_API_KEY for live remediation advice. Without the key the advisor returns mock template output; with it, violation details are sent to the Anthropic API, so confirm that is acceptable for the target's data before enabling live advice.
When to Use This Skill

Use vmware-harden when the user needs to:

- Run a compliance scan against CIS / DISA STIG / vSphere SCG / Dengbao 2.0 Level 3 / PCI-DSS
- Author or import a custom YAML baseline (e.g., an internal corporate baseline)
- Detect drift between two scans of the same target
- Get AI-suggested remediation steps for a violation (advice only; nothing is executed on the target)
- Browse a web dashboard of compliance posture across multiple targets

Do NOT use this skill when:

- The task is general vCenter/ESXi monitoring or read-only inspection → use vmware-monitor
- The task is VM lifecycle, snapshots, or guest operations → use vmware-aiops
- The user wants to actually execute a remediation (set an advanced setting, change a DFW rule, etc.) → use vmware-pilot (multi-step, approval-gated workflow)
- The task is purely NSX networking/segments → use vmware-nsx

Related Skills: Skill Routing

| User Intent | Recommended Skill |
|---|---|
| "Scan ESXi for CIS compliance" | vmware-harden (this skill) |
| "Check Dengbao 2.0 Level 3" | vmware-harden |
| "What changed since last week?" (drift) | vmware-harden |
| "Fix this violation now" | vmware-pilot (approval-gated execution) |
| "List VMs / hosts / alarms" | vmware-monitor |
| "Reconfigure / power / migrate VM" | vmware-aiops |
| "Edit DFW rule" | vmware-nsx-security |
| "Browse audit log" | vmware-policy (audit log) |

Common Workflows
- First-time scan with Dengbao 2.0 Level 3
  1. Install: `uv tool install vmware-harden`
  2. Verify aiops is configured: `vmware-aiops doctor` (harden reuses the aiops connection for the vCenter collector)
  3. List baselines: `vmware-harden baseline list` and confirm that dengbao-2.0-level3-vmware is present
  4. Scan: `vmware-harden scan --baseline dengbao-2.0-level3-vmware --target prod-vcenter`
  5. Report: `vmware-harden report --format json > violations.json` (or `vmware-harden web` for the rendered dashboard)
  Failure branch: if you see `ConnectError: vmware-aiops target not found`, the aiops side is not configured. Run `vmware-aiops init` first; harden cannot scan without a working collector.
- Custom baseline import + scan
  1. Author the YAML under ~/.vmware-harden/baselines/my-corp.yaml (see references for the schema)
  2. Validate: `vmware-harden baseline validate ~/.vmware-harden/baselines/my-corp.yaml`
  3. Import: `vmware-harden baseline import ~/.vmware-harden/baselines/my-corp.yaml`
  4. Scan: `vmware-harden scan --baseline my-corp --target prod-vcenter`
  Failure branch: a baseline validation failure usually means a check.path references a node type the collectors do not produce (e.g. nsx.gateway.* when no NSX collector ran). See references/cli-reference.md for the valid node paths and the baseline schema.
- Drift investigation
  1. Run a scan today: `vmware-harden scan --target prod-vcenter --baseline cis-vmware-esxi-8.0-subset`
  2. Run the same command again next week (or after a change window); use the same baseline so the two snapshots are comparable
  3. View drift: `vmware-harden drift` (renders the latest snapshot against its prior snapshot for the same target)
  4. Get advice on critical drift: `vmware-harden advise --violation-id` or `vmware-harden advise --all-critical` (uses ANTHROPIC_API_KEY; falls back to the mock template if it is unset)
  5. Open the web view: `vmware-harden web`
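The table above names three drift types (snapshot diff, rule status diff, evidence diff) without saying what each one catches. The following is an added illustration of those three comparisons over two constructed scan snapshots; it is not vmware-harden's code, and the snapshot shape (rule_id / status / evidence) and the rule identifiers are assumptions made for the example. The point a reviewer of a change window should take from it: a rule that disappears from the second snapshot is not a pass (it usually means a collector did not run, the same failure mode the custom-baseline section warns about), and evidence can change while the pass/fail status stays the same.

```python
"""Drift between two compliance scan snapshots (added example, not project code).

Snapshot shape and rule identifiers are assumptions for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class RuleResult:
    rule_id: str
    status: str                      # assumed vocabulary: "pass" | "fail"
    evidence: dict = field(default_factory=dict)


def _by_id(snapshot):
    return {r.rule_id: r for r in snapshot}


def snapshot_diff(old, new):
    """Rules that entered or left the evaluated set. A rule that vanishes is
    not a pass: it usually means a collector did not run on the second scan."""
    o, n = _by_id(old), _by_id(new)
    return {"added": sorted(n.keys() - o.keys()),
            "removed": sorted(o.keys() - n.keys())}


def status_diff(old, new):
    """Rules present in both snapshots whose status changed; pass -> fail is
    flagged as a regression so it can be routed to the advisor first."""
    o, n = _by_id(old), _by_id(new)
    out = []
    for rid in sorted(o.keys() & n.keys()):
        if o[rid].status != n[rid].status:
            out.append({"rule_id": rid, "from": o[rid].status, "to": n[rid].status,
                        "regression": (o[rid].status, n[rid].status) == ("pass", "fail")})
    return out


def evidence_diff(old, new):
    """Rules whose status is unchanged but whose collected evidence differs.
    These never move a pass/fail count, yet they are exactly the changes a
    change-window review wants to see (a setting moved, a list grew)."""
    o, n = _by_id(old), _by_id(new)
    out = []
    for rid in sorted(o.keys() & n.keys()):
        if o[rid].status == n[rid].status and o[rid].evidence != n[rid].evidence:
            keys = o[rid].evidence.keys() | n[rid].evidence.keys()
            changed = sorted(k for k in keys
                             if o[rid].evidence.get(k) != n[rid].evidence.get(k))
            out.append({"rule_id": rid, "keys": changed})
    return out


def summarize_drift(old, new):
    """Counts for a one-line drift summary; regressions are the ones to chase."""
    s, st, ev = snapshot_diff(old, new), status_diff(old, new), evidence_diff(old, new)
    return {"added": len(s["added"]), "removed": len(s["removed"]),
            "status_changes": len(st),
            "regressions": sum(1 for c in st if c["regression"]),
            "evidence_changes": len(ev)}


def sample_snapshots():
    """Constructed data standing in for two scans of one target a week apart."""
    old = [RuleResult("esxi-ssh-service-stopped", "pass", {"TSM-SSH.running": False}),
           RuleResult("esxi-ntp-configured", "pass", {"ntp.servers": ["10.0.0.1"]}),
           RuleResult("esxi-lockdown-mode", "fail", {"lockdown": "disabled"}),
           RuleResult("esxi-remote-syslog", "pass", {"Syslog.global.logHost": "udp://10.0.0.5:514"})]
    new = [RuleResult("esxi-ssh-service-stopped", "fail", {"TSM-SSH.running": True}),
           RuleResult("esxi-ntp-configured", "pass", {"ntp.servers": ["10.0.0.1", "10.0.0.2"]}),
           RuleResult("esxi-lockdown-mode", "fail", {"lockdown": "disabled"}),
           RuleResult("esxi-account-lockout", "pass", {"Security.AccountLockFailures": 5})]
    return old, new


if __name__ == "__main__":
    old, new = sample_snapshots()
    print(snapshot_diff(old, new))
    print(status_diff(old, new))
    print(evidence_diff(old, new))
    print(summarize_drift(old, new))
```

On the sample data the SSH rule regresses (pass to fail), the NTP rule changes evidence without changing status, the remote-syslog rule drops out of the second snapshot entirely, and the lockdown rule is unchanged in both respects. Treat the dropped rule as a collector problem to investigate, not as a rule that stopped applying.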