VMware Cloud Community
Kirizan
Contributor
Contributor
‎02-16-2010 07:44 AM
Jump to solution

Powershell question

Hello all, I'm very new to powershell and I had some questions about it's capabilities. I currently have scripts to configure the security of a host, but they are all shell scripts. I was looking to port them to powershell, but since I'm on a limited timeline, I wanted to know if it was fesable before putting a lot of time into the attempt. I am looking mainly at the SRR script found in the forums here. There are also some other security hits that we have come across that we need to address. I would love to do it all through powershell if possible, but I wasn't sure if powershell can modify the ESX hosts at that level. So my questions come down to: Can powershell modify files on the esx servers directly, and can powershell modify permisions on the files of an ESX server? Also, could powershell run a shell script on an ESX host, could I have the security script on the ESX server, but have powershell fire it off? Thank you all for the help, and I hope to learn as much about powershell as I can in the next few months Smiley Happy

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
‎02-16-2010 08:55 AM
Jump to solution

Configuring security through PowerShell/PowerCLI is definitely possible.

As an example have a look at my recent Security – Hardening – Part 1 – Virtual Machines post.

I plan to tackle the other Hardening Guides in future posts.

PowerShell won't run in the COS of the ESX server since it is a Windows-based application.

The things you want to do in the COS (file modifications, file permissions, running shell scripts) are not available directly from a PowerShell/PowerCLI script. But there ways to do this.

The downside would be that you have to give up some security settings.

You would have to allow SSH to the COS, you would need to set up sudo or you would need to allow root to connect via SSH.

On the other hand running scripts in the COS directly is, afaik, not considered a best practise.

And on ESXi servers, which seems to be the direction VMware is heading, there is not even a COS.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

0 Kudos
2 Replies
LucD
Leadership
Leadership
‎02-16-2010 08:55 AM
Jump to solution

Configuring security through PowerShell/PowerCLI is definitely possible.

As an example have a look at my recent Security – Hardening – Part 1 – Virtual Machines post.

I plan to tackle the other Hardening Guides in future posts.

PowerShell won't run in the COS of the ESX server since it is a Windows-based application.

The things you want to do in the COS (file modifications, file permissions, running shell scripts) are not available directly from a PowerShell/PowerCLI script. But there ways to do this.

The downside would be that you have to give up some security settings.

You would have to allow SSH to the COS, you would need to set up sudo or you would need to allow root to connect via SSH.

On the other hand running scripts in the COS directly is, afaik, not considered a best practise.

And on ESXi servers, which seems to be the direction VMware is heading, there is not even a COS.

____________

Blog: LucD notes

Twitter: lucd22


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Kirizan
Contributor
Contributor
‎02-16-2010 10:25 AM
Jump to solution

Thank you very much for the quick response. Unfortunatly, I can't tell the government they need to sacrifice security settings Smiley Happy So I'll just stick with the script that runs at the COS until they migrate to 4i. Thank you again for the quick response.

0 Kudos