Hi Luc ,
i discussed one script some days back to find some security parameters .
can you please tell me if get-log -key vmkernal-vmhost $esxi, get-log -key hostd-vmhost $esxi will need some port open ??
this host is added to vcenter and iam running that script against vcenter.
for some reasons iam geetingcommunuication to host failure error .
below is the script:
#$vcenter = Read-Host "please provide vcentername"
#$credential_vcenter = Get-Credential
#$conn = Connect-VIServer -Server $vcenter | Out-Null
#only for distributed switches .
#for hostd presence we need openssh module though it should be present by default.
$path = 'C:\Users\in0079d6\Desktop\Technicolor_script'
$security_parameters = @()
foreach ($dc in Get-Datacenter)
{
#Write-Host "Current PowerShell version $(($PSVersionTable.PSVersion).ToString())" -ForegroundColor Cyan
foreach ($esxi in (Get-VMHost -Location $dc))
{
$distributedswitch = Get-VirtualSwitch -VMHost $esxi -Distributed
$ssh_running_remote = Get-VMHostService -VMHost $esxi | Where-Object { $_.key -eq "TSM-SSH" }
$promiscousmode = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value
$forgedtransmit = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value
$mac_address_change = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value
$vmkmgmt = Get-VMHostNetworkAdapter -VMHost $esxi -VMKernel | Where-Object { $_.ManagementTrafficEnabled -eq $true }
$dhcp_enabled = $vmkmgmt.DhcpEnabled
$ports_enabled = Get-VMHostFirewallException -VMHost $esxi -Enabled:$true
$inports = ($ports_enabled.IncomingPorts | % { $_.Split(',') } | Where-Object { $_ } | % { [int]$_.Trim(' ') }) -join '|'
$outports = ($ports_enabled.OutGoingPorts | % { $_.Split(',') } | Where-Object { $_ } | % { $_.Trim(' ') }) -join '|'
$local_tech_support = $esxi |
Where-Object { $_.ExtensionData.Summary.Config.Product.Name -match "i" } |
Select-Object Name,
@{N = "localTechSuportModeEnabled"; E = { (Get-VMHost $_.Name | Get-AdvancedSetting -Entity $esxi -Name VMkernel.Boot.techSupportMode).Values } }
if ($null -eq $local_tech_support.localTechSuportModeEnabled)
{
$localtechsupportenabled = "False"
}
$vmkernel = Get-Log -VMHost $esxi -Key vmkernel
if ($null -ne $vmkernel.entries)
{
$presence_vmkernel = "True"
}
$hostd = Get-Log -VMHost $esxi -Key hostd
if ($null -ne $hostd.entries)
{
$presence_hostd = "True"
}
$output = New-Object -TypeName PSObject
$output | Add-Member -MemberType NoteProperty -Name 'esxiname' -Value $esxi.name
$output | Add-Member -MemberType NoteProperty -Name 'distributedswitch' -Value $distributedswitch.name
$output | Add-Member -MemberType NoteProperty -Name 'whetherremote_ssh_running' -Value $ssh_running_remote.running
$output | Add-Member -MemberType NoteProperty -Name 'promiscousmode' -Value $promiscousmode
$output | Add-Member -MemberType NoteProperty -Name 'forgedtransmit' -Value $forgedtransmit
$output | Add-Member -MemberType NoteProperty -Name 'mac_address_change' -Value $mac_address_change
$output | Add-Member -MemberType NoteProperty -Name 'vmkernellogs_presence' -Value $presence_vmkernel
$output | Add-Member -MemberType NoteProperty -Name 'hostdlogs_presence' -Value $presence_hostd
$output | Add-Member -MemberType NoteProperty -Name 'whether mgmt ip assigned by dhcp' -Value $dhcp_enabled
$output | Add-Member -MemberType NoteProperty -Name 'incoming ports enabled ' -Value $inports
$output | Add-Member -MemberType NoteProperty -Name 'outgoing ports enabled ' -Value $outports
$output | Add-Member -MemberType NoteProperty -Name 'whether local tech support mode enabled ' -Value $localtechsupportenabled
$security_parameters += $output
}
}
$security_parameters | Out-File -FilePath "$path\security_params.txt"
