4 Replies Latest reply on Apr 15, 2019 8:15 PM by jvm2016

    script_structure_powercli

    jvm2016 Hot Shot

      Hi Luc ,

       

      Can you please check the following script? It collects some security information from ESXi hosts and network switches. It works fine except for the orange line.

      Can you please modify the orange line to use join? Also, can the output be converted to an Excel file?

       

      # Security audit of every ESXi host in every datacenter of one vCenter.
      # Per host it records: the distributed switch default port security policy
      # (promiscuous mode, forged transmits, MAC changes), whether the TSM-SSH
      # service is running, whether the management VMkernel adapter uses DHCP,
      # the enabled firewall exceptions, the tech support mode setting and
      # whether vmkernel log entries can be read. The result goes to secp.txt.
      $vcenter=read-host "please provide vcentername"

      # NOTE(review): the credential is prompted for but is not passed to
      # connect-viserver below, so the session does not use it.
      $credential_vcenter=get-credential

      # NOTE(review): the connection object is piped to out-null, so $conn is
      # always $null; a failed connection is not detected here.
      $conn=connect-viserver -server $vcenter|out-null

       

      # Only distributed switches are examined.

      # For the hostd presence check the OpenSSH module is needed, though it should be present by default.

      # Folder that receives the report; it lists SSH state and open firewall
      # ports per host, so access to it matters.
      $path = 'C:\Users\user1\Desktop\scriptfolder'

      # One report object per host is appended to this array.
      $security_parameters = @()

      foreach($dc in get-datacenter)

      {

      # Looks the datacenter up again from the object the loop already holds.
      $datacenter=get-datacenter $dc

      # Printed once per datacenter; the version object on the next line is
      # written to the output stream.
      write-host "cureent powershell version" -ForegroundColor Cyan

      $PSVersionTable.psversion

       

      foreach($ei in (get-vmhost -Location $datacenter))

      {

       

       

       

       

       

       

      # Looks the host up again by name from the object the loop already holds.
      $esxi=get-vmhost -name $ei

      # presumably one switch per host; with several distributed switches the
      # three policy values read below become arrays - TODO confirm
      $distributedswitch = get-vmhost $esxi|Get-VirtualSwitch -Distributed

      # The host service whose key is TSM-SSH; its running property is reported.
      $ssh_running_remote = Get-VMHost $esxi | Get-VMHostService | Where {$_.key -eq "TSM-SSH"}

       

      # Default port configuration of the distributed switch: the three
      # layer-2 security policy values.
      $promiscousmode=$distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value

      $forgedtransmit=$distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value

      $mac_address_change=$distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value

      # VMkernel adapters that carry management traffic.
      $vmkmgmt=Get-VMHostNetworkAdapter -VMHost $esxi -VMKernel|?{$_.ManagementTrafficEnabled -eq $true}

      $dhcp_enabled=$vmkmgmt.DhcpEnabled

      # A collection of firewall exception objects, not a list of port numbers;
      # it is stored as-is in the report further down.
      $ports_enabled=Get-VMHostFirewallException -vmhost $esxi -Enabled:$true

      # -match "i" keeps any host whose product name contains the letter i.
      $local_tech_support=Get-VMHost $esxi | Get-View | Where {$_.Summary.Config.Product.Name -match "i"} | Select Name, @{N="localTechSuportModeEnabled";E={(Get-VMHost $_.Name | Get-VMHostAdvancedConfiguration -Name VMkernel.Boot.techSupportMode).Values}}

      # Bare expression: the value is written to the output stream.
      $local_tech_support.localTechSuportModeEnabled

      # NOTE(review): $localtechsupportenabled is only ever set to "False" and
      # is never reset, so a host with a non-null value keeps whatever an
      # earlier host left in the variable (or nothing on the first host).
      if($local_tech_support.localTechSuportModeEnabled -eq $null)

      {

      $localtechsupportenabled="False"

       

      }

      $vmkernel=get-log -VMHost $esxi -Key vmkernel

       

      # NOTE(review): $presence_vmkernel is only ever set to "True" and is
      # never reset, so once one host has log entries every later host is
      # reported as "True" as well.
      if($vmkernel.entries -ne $null)

      {

      $presence_vmkernel="True"

      }

       

       

       

       

      # Build the report row for this host.
      $output = New-Object -TypeName PSObject

       

              $output|Add-Member -MemberType NoteProperty -Name 'esxiname' -Value $esxi.name

       

              $output|Add-Member -MemberType NoteProperty -Name 'distributedswitch' -Value $distributedswitch.name

                    

              $output|Add-Member -MemberType NoteProperty -Name 'whetherremote_ssh_running' -Value $ssh_running_remote.running

              $output|Add-Member -MemberType NoteProperty -Name 'promiscousmode' -Value $promiscousmode

              $output|Add-Member -MemberType NoteProperty -Name 'forgedtransmit' -Value $forgedtransmit

              $output|Add-Member -MemberType NoteProperty -Name 'mac_address_change' -Value $mac_address_change

              $output|Add-Member -MemberType NoteProperty -Name 'vmkernellogs_presence' -Value $presence_vmkernel

              $output|Add-Member -MemberType NoteProperty -Name 'whether mgmt ip assigned by dhcp' -Value $dhcp_enabled

              # Receives the firewall exception objects themselves rather than
              # a joined string of ports.
              $output|Add-Member -MemberType NoteProperty -Name 'ports enabled ' -Value $ports_enabled

              $output|Add-Member -MemberType NoteProperty -Name 'whether local tech support mode enabled ' -Value $localtechsupportenabled

       

       

       

       

       

       

       

       

       

              $security_parameters += $output

       

       

       

                     }

                    

                    

                     }

       

       

      # Writes the rows as formatted text, not as CSV.
      $security_parameters|out-file $path\secp.txt

        • 1. Re: script_structure_powercli
          LucD Guru

          Try something like this (I split into incoming and outgoing).

           

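          # Security audit of every ESXi host in every datacenter of one vCenter.
          # Per host it records: the distributed switch default port security policy
          # (promiscuous mode, forged transmits, MAC changes), whether the TSM-SSH
          # service is running, whether the management VMkernel adapter uses DHCP,
          # the enabled firewall ports (incoming and outgoing), the tech support mode
          # setting and whether vmkernel log entries can be read.
          # Output: a formatted text report in "$path\secp.txt".
          $vcenter = Read-Host "please provide vcentername"
          $credential_vcenter = Get-Credential

          # Connect with the credential that was just entered, so the audit runs under
          # the identity the operator chose. -ErrorAction Stop aborts the script when
          # the connection fails instead of querying some other open session.
          $conn = Connect-VIServer -Server $vcenter -Credential $credential_vcenter -ErrorAction Stop

          # Only distributed switches are examined.
          # For the hostd presence check the OpenSSH module is needed, though it should be present by default.

          # The report lists SSH state and open firewall ports per host; keep the
          # folder readable only by the people who need it.
          $path = 'C:\Users\user1\Desktop\scriptfolder'
          $security_parameters = @()

          Write-Host "Current PowerShell version $(($PSVersionTable.PSVersion).ToString())" -ForegroundColor Cyan

          # -Server pins the queries to the connection made above.
          foreach ($dc in Get-Datacenter -Server $conn)
          {
             foreach ($esxi in (Get-VMHost -Location $dc))
             {
                # NOTE(review): a host attached to several distributed switches makes
                # the name and the three policy values below arrays - confirm whether
                # that occurs in the audited environment.
                $distributedswitch = Get-VirtualSwitch -VMHost $esxi -Distributed
                $ssh_running_remote = Get-VMHostService -VMHost $esxi | Where-Object { $_.key -eq "TSM-SSH" }

                # Layer-2 security policy from the switch's default port configuration.
                $securitypolicy = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy
                $promiscousmode = $securitypolicy.AllowPromiscuous.Value
                $forgedtransmit = $securitypolicy.ForgedTransmits.Value
                $mac_address_change = $securitypolicy.MacChanges.Value

                $vmkmgmt = Get-VMHostNetworkAdapter -VMHost $esxi -VMKernel | Where-Object { $_.ManagementTrafficEnabled -eq $true }
                $dhcp_enabled = $vmkmgmt.DhcpEnabled

                # Flatten the comma-separated port strings of all enabled firewall
                # exceptions into one '|'-joined value per direction. Both directions
                # are kept as text: an [int] cast would fail on any entry that is not
                # a plain number. Empty values are dropped before Split is called.
                $ports_enabled = Get-VMHostFirewallException -VMHost $esxi -Enabled:$true
                $inports = ($ports_enabled.IncomingPorts | Where-Object { $_ } |
                   ForEach-Object { $_.Split(',') } | ForEach-Object { $_.Trim() } | Where-Object { $_ }) -join '|'
                $outports = ($ports_enabled.OutGoingPorts | Where-Object { $_ } |
                   ForEach-Object { $_.Split(',') } | ForEach-Object { $_.Trim() } | Where-Object { $_ }) -join '|'

                # Computed fresh for every host, so a value from an earlier host can
                # never leak into this row. Get-AdvancedSetting returns objects with a
                # Value property. A missing setting is reported as "False".
                # NOTE(review): confirm that VMkernel.Boot.techSupportMode exists on
                # the ESXi versions being audited; where it does not, this column
                # reads "False" for every host.
                $localtechsupportenabled = "False"
                if ($esxi.ExtensionData.Summary.Config.Product.Name -match "i")
                {
                   $techsupportsetting = Get-AdvancedSetting -Entity $esxi -Name VMkernel.Boot.techSupportMode
                   if ($null -ne $techsupportsetting)
                   {
                      $localtechsupportenabled = "$($techsupportsetting.Value)"
                   }
                }

                # Also computed per host: "True" only when this host returned entries.
                $vmkernel = Get-Log -VMHost $esxi -Key vmkernel
                $presence_vmkernel = if ($null -ne $vmkernel.Entries) { "True" } else { "False" }

                # Report row; the property names are the column names of the report.
                $output = New-Object -TypeName PSObject
                $output | Add-Member -MemberType NoteProperty -Name 'esxiname' -Value $esxi.name
                $output | Add-Member -MemberType NoteProperty -Name 'distributedswitch' -Value $distributedswitch.name
                $output | Add-Member -MemberType NoteProperty -Name 'whetherremote_ssh_running' -Value $ssh_running_remote.running
                $output | Add-Member -MemberType NoteProperty -Name 'promiscousmode' -Value $promiscousmode
                $output | Add-Member -MemberType NoteProperty -Name 'forgedtransmit' -Value $forgedtransmit
                $output | Add-Member -MemberType NoteProperty -Name 'mac_address_change' -Value $mac_address_change
                $output | Add-Member -MemberType NoteProperty -Name 'vmkernellogs_presence' -Value $presence_vmkernel
                $output | Add-Member -MemberType NoteProperty -Name 'whether mgmt ip assigned by dhcp' -Value $dhcp_enabled
                $output | Add-Member -MemberType NoteProperty -Name 'incoming ports enabled ' -Value $inports
                $output | Add-Member -MemberType NoteProperty -Name 'outgoing ports enabled ' -Value $outports
                $output | Add-Member -MemberType NoteProperty -Name 'whether local tech support mode enabled ' -Value $localtechsupportenabled

                $security_parameters += $output
             }
          }

          # Formatted text report. For a file that opens in Excel, pipe the same
          # array to Export-Csv -NoTypeInformation instead.
          $security_parameters | Out-File -FilePath "$path\secp.txt"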

          • 2. Re: script_structure_powercli
            jvm2016 Hot Shot

            Thanks Luc. I am going to check this. Do you see any scope for adding anything related to encryption to this script?

            • 3. Re: script_structure_powercli
              LucD Guru

              What encryption do you mean?
              You could check if there is a KMS server present and if encryption is enabled on the ESXi nodes.

              • 4. Re: script_structure_powercli
                jvm2016 Hot Shot

                This works fine, and thanks for reminding me about the PowerShell version.