So I was very interested to test your script on our ESXi 5.1 hosts. Before I even began the hardening process we require to complete I thought I would run the script against an 'out of the box' default install. Literally DHCP with zero guest installs. Running the script from vMA and it gives me a 69% grade based on --host check on this single default host.
However I am confused as to passes it is awarding. Accepted there are many manual actions to make and it has picked up on some fails which I'd expect. But how can unconfigured settings - such as syslog output, or even NTP client config - pass when they have no configuration at all. At the moment I like the idea of using your script further but worry about this if passes are coming through on services which are basically blank and untouched.
Is there an explanation for this that I am missing? or is the script simply not complete. If its not complete I won't be able to use it anyway for vetting procedure so would appreciate any clarity.