Hi!
I wonder if anyone has already written a script to implement the workaround for the OpenSLP security vulnerability in ESXi 6.x (CVE-2019-5544) / VMSA-2019-0022?
The one to apply: VMware Knowledge Base
I have asked VMware support the same question but have not got any useful answer yet.
Please don't cross-post
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
# Requires an existing Connect-VIServer session (for Get-VMHost) and the Posh-SSH module (for New-SSHSession)
# One entry per ESXi host, each with its own root password
$ESXArray = @(
    New-Object PSObject -Property @{Hostname = 'ServerNameONE'; Password = 'Passw0rd1'}
    New-Object PSObject -Property @{Hostname = 'ServerNameTWO'; Password = 'Passw0rd2'}
    New-Object PSObject -Property @{Hostname = 'ServerNameThree'; Password = 'Passw0rd3'}
)
# Commands run on each host: stop slpd, close the CIMSLP firewall ruleset, disable slpd at boot
$cmdsub = @'
/etc/init.d/slpd stop;
/etc/init.d/slpd status;
esxcli network firewall ruleset set -r CIMSLP -e 0;
chkconfig slpd off;
chkconfig --list | grep slpd;
'@
foreach($ESXHostObject in $ESXArray)
{
    Write-Host "Processing $($ESXHostObject.Hostname)"
    $secPswd = ConvertTo-SecureString $($ESXHostObject.Password) -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential ('root', $secPswd)
    $ESXHost = Get-VMHost -Name $ESXHostObject.Hostname
    # Start the SSH service for the duration of the change
    Get-VMHostService -VMHost $ESXHost | where{$_.Key -eq 'TSM-SSH'} | Start-VMHostService -Confirm:$false | Out-Null
    $session = New-SSHSession -ComputerName $ESXHost.Name -Credential $cred -AcceptKey
    Invoke-SSHCommand -SSHSession $session -Command $cmdSub | Select -ExpandProperty Output
    Remove-SSHSession -SSHSession $session | Out-Null
    # Stop the SSH service again
    Get-VMHostService -VMHost $ESXHost | where{$_.Key -eq 'TSM-SSH'} | Stop-VMHostService -Confirm:$false | Out-Null
}
I obtain the following error when I run this script, can you please help?
Get-VMHostService : Cannot bind parameter 'VMHost'. Cannot convert the "" value of type "System.Management.Automation.PSCustomObject" to type
"VMware.VimAutomation.ViCore.Types.V1.Inventory.VMHost".
At line:20 char:31
+ Get-VMHostService -VMHost $ESXHostObject | where{$_.Key -eq 'TSM- ...
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-VMHostService], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,VMware.VimAutomation.ViCore.Cmdlets.Commands.Host.GetVMHostService
New-SSHSession : No connection could be made because the target machine actively refused it
At line:21 char:16
+ ... $session = New-SSHSession -ComputerName $ESXHost.Name -Credential $c ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Renci.SshNet.SshClient:SshClient) [New-SSHSession], SocketException
+ FullyQualifiedErrorId : SSH.NewSshSession
Invoke-SSHCommand : Cannot bind argument to parameter 'SSHSession' because it is null.
At line:22 char:35
+ Invoke-SSHCommand -SSHSession $session -Command $cmdSub | Select ...
+ ~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Invoke-SSHCommand], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Invoke-SSHCommand
Lucd, can you please provide me with a single script which addresses OpenSLP on multiple ESXi servers and tracks the names of the ESXi servers on which the script did not perform the task? (Note - All my ESXi servers have different credentials)
Any help to have a consolidated script to address OpenSLP on multiple ESXi servers and to track the names of the ESXi servers on which the script did not perform the task? (Note - All my ESXi servers have different credentials)
Hello Bean78,
I'm usually not like that, but a THANK YOU might be appropriate instead of always asking for immediate help!!
Did you connect to your vCenter server beforehand? Before you run the script, please issue the command "Connect-VIServer -Server YourvCenterName -User YourUsername". Then please execute the following commands to test what the problem is with you:
Connect-VIServer -Server YourvCenterName -User YourUsername
Get-VMHost -Name yourESXHostname
$ESXHost = Get-VMHost -Name yourESXHostname
Get-VMHostService -VMHost $ESXHost
Sorry about that, thank you for your excellent support, your guidance and your help. The script worked as expected.
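An added example, not part of any post in this thread: the loop from the script above wrapped in try/catch/finally, so that every host yields one record and the hosts where the workaround did not run can be listed afterwards. It assumes an existing Connect-VIServer session and the Posh-SSH module; Disable-EsxiSlp and the $Credentials hashtable are hypothetical names, and the host names are the placeholders used in the thread.

```powershell
# Added example: assumes Connect-VIServer was already run and Posh-SSH is installed.
function Disable-EsxiSlp {
    param(
        # Hashtable (hypothetical name): ESXi host name -> PSCredential for root on that host
        [Parameter(Mandatory)] [hashtable] $Credentials
    )
    # Same commands as the script in this thread
    $cmdSub = @'
/etc/init.d/slpd stop;
/etc/init.d/slpd status;
esxcli network firewall ruleset set -r CIMSLP -e 0;
chkconfig slpd off;
chkconfig --list | grep slpd;
'@
    foreach ($name in $Credentials.Keys) {
        $result = [pscustomobject]@{ Hostname = $name; Success = $false; Detail = '' }
        $ssh = $null; $session = $null; $startedSsh = $false
        try {
            # -ErrorAction Stop turns a failure into an exception for this host only
            $esx = Get-VMHost -Name $name -ErrorAction Stop
            $ssh = Get-VMHostService -VMHost $esx -ErrorAction Stop |
                Where-Object { $_.Key -eq 'TSM-SSH' }
            if (-not $ssh.Running) {
                Start-VMHostService -HostService $ssh -Confirm:$false -ErrorAction Stop | Out-Null
                $startedSsh = $true
            }
            $session = New-SSHSession -ComputerName $esx.Name -Credential $Credentials[$name] -AcceptKey -ErrorAction Stop
            $out = Invoke-SSHCommand -SSHSession $session -Command $cmdSub -ErrorAction Stop
            # Success means the commands were sent; Detail keeps their output for review
            $result.Success = $true
            $result.Detail = ($out.Output -join ' | ')
        }
        catch {
            $result.Detail = $_.Exception.Message
        }
        finally {
            # Close the session, and stop SSH again only if this run started it
            if ($session) { Remove-SSHSession -SSHSession $session | Out-Null }
            if ($startedSsh) { Stop-VMHostService -HostService $ssh -Confirm:$false | Out-Null }
        }
        $result   # one record per host
    }
}
# Usage: prompt for each host's root credential, then list the hosts that failed
$creds = @{}
foreach ($h in 'ServerNameONE', 'ServerNameTWO') { $creds[$h] = Get-Credential -UserName root -Message $h }
$report = Disable-EsxiSlp -Credentials $creds
$report | Where-Object { -not $_.Success } | Select-Object Hostname, Detail
```

The Detail column of successful hosts holds the output of the status and chkconfig commands, so the resulting slpd state can be reviewed per host.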
Hi Lucd,
How to check the status of SLP on multiple ESXi hosts using a script or a single command?
Regards,
Kumar.
Have a look at Solved: Re: SLPD service - Show a list of host and if the ... - VMware Technology Network VMTN
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference