VMware Cloud Community
tradsd222
Contributor

Script for PCI compliance - unable to get working

I've been working on the below script for around five hours and attempting to get it to work to no avail.  Any assistance would be greatly appreciated!

The script begins to fail at line 126 then 129 and so on.  This would save us so much time in our audit.

9 Replies
LucD
Leadership

It would help if you showed us the errors you are getting.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

tradsd222
Contributor

Attached.

LucD
Leadership

These lines

# List UserVars.ESXiShellInteractiveTimeOut for each host

Get-VMHost | Select Name, @{N="UserVars.ESXiShellInteractiveTimeOut";E={$_ | Get-AdvancedSetting UserVars.ESXiShellInteractiveTimeOut | Select -ExpandProperty Values}}"

# List UserVars.ESXiShellTimeOut for each host

Get-VMHost | Select Name, @{N="UserVars.ESXiShellTimeOut";E={$_ | Get-VMHostAdvancedConfiguration UserVars.ESXiShellTimeOut | Select -ExpandProperty Values}}"

should be (without the double quotes at the end)

# List UserVars.ESXiShellInteractiveTimeOut for each host

Get-VMHost | Select Name, @{N="UserVars.ESXiShellInteractiveTimeOut";E={$_ | Get-AdvancedSetting UserVars.ESXiShellInteractiveTimeOut | Select -ExpandProperty Values}}

# List UserVars.ESXiShellTimeOut for each host

Get-VMHost | Select Name, @{N="UserVars.ESXiShellTimeOut";E={$_ | Get-VMHostAdvancedConfiguration UserVars.ESXiShellTimeOut | Select -ExpandProperty Values}}


tradsd222
Contributor

Thank you very much LucD.  It appears the get-esxcli functionality has been deprecated?  My script fails beginning here.  I am getting errors from this point forward.  Would you have a suggestion to resolve this?  Your assistance is appreciated.

Everything fails beginning with this line:

# List all user accounts on the Host -Host Local connection required-
Get-VMHost | Get-VMHostAccount

# List UserVars.ESXiShellInteractiveTimeOut for each host
Get-VMHost | Select Name, @{N="UserVars.ESXiShellInteractiveTimeOut";E={$_ | Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut | Select -ExpandProperty Values}}

# List UserVars.ESXiShellTimeOut for each host
Get-VMHost | Select Name, @{N="UserVars.ESXiShellTimeOut";E={$_ | Get-AdvancedSetting -Name UserVars.ESXiShellTimeOut | Select -ExpandProperty Values}}

# List Iscsi Initiator and CHAP Name if defined
#Get-VMHost | Get-VMHostHba | Where {$_.Type -eq "Iscsi"} | Select VMHost, Device, ChapType, @{N="CHAPName";E={$_.AuthenticationProperties.ChapName}}

#List the Software AcceptanceLevel for each host
Foreach ($VMHost in Get-VMHost ) {
    $ESXCli = Get-EsxCli -VMHost $VMHost
    $VMHost | Select Name, @{N="AcceptanceLevel";E={$ESXCli.software.acceptance.get()}}
}

# List only the vibs which are not at "VMwareCertified" acceptance level
Foreach ($VMHost in Get-VMHost ) {
    $ESXCli = Get-EsxCli -VMHost $VMHost
    $ESXCli.software.vib.list() | Where { $_.AcceptanceLevel -ne "VMwareCertified" }
}

# List the Software AcceptanceLevel for each host
Foreach ($VMHost in Get-VMHost ) {
    $ESXCli = Get-EsxCli -VMHost $VMHost
    $VMHost | Select Name, @{N="AcceptanceLevel";E={$ESXCli.software.acceptance.get()}}
}

# List only the vibs which are not at "VMwareCertified" or "VMwareAccepted" or "PartnerSupported" acceptance level
Foreach ($VMHost in Get-VMHost ) {
    $ESXCli = Get-EsxCli -VMHost $VMHost
    $ESXCli.software.vib.list() | Where { ($_.AcceptanceLevel -ne "VMwareCertified") -and ($_.AcceptanceLevel -ne "VMwareAccepted") -and ($_.AcceptanceLevel -ne "PartnerSupported") }
}

# List Net.DVFilterBindIpAddress for each host
Get-VMHost | Select Name, @{N="Net.DVFilterBindIpAddress";E={$_ | Get-VMHostAdvancedConfiguration Net.DVFilterBindIpAddress | Select -ExpandProperty Values}}

# Check the SHA1 hash of the download with the following function
#Function Get-SHA1 {
#Param (
  #$Filename
#)
#begin {
  #[Reflection.Assembly]::LoadWithPartialName("System.Security") | out-null
  #$sha1 = new-Object System.Security.Cryptography.SHA1Managed
#}
#Process {
  #$file = [System.IO.File]::Open($filename, "open", "read")
  #$filehash = $sha1.ComputeHash($file) | Foreach {
    #write-host -NoNewLine $_.ToString("x2")
  #}
  #$file.Dispose()
#}
#}
#Get-SHA1 -Filename "C:\Sources\ESX5.ISO"

# List the system modules and Signature Info for each host
Foreach ($VMHost in Get-VMHost ) {
    $ESXCli = Get-EsxCli -VMHost $VMHost
    $ESXCli.system.module.list() | Foreach {
        $ESXCli.system.module.get($_.Name) | Select @{N="VMHost";E={$VMHost}}, Module, License, Modulefile, Version, SignedStatus, SignatureDigest, SignatureFingerPrint
    }
}

# List the vCenter Password Expiration Value
Get-AdvancedSetting -Entity $defaultVIServer -Name "VirtualCenter.VimPasswordExpirationInDays"

Errors are attached.

LucD
Leadership

It all seems to start with the Get-VMHost that times out.
When you do a Get-VMHost from the prompt, is anything returned?

Are you connected?

What is in $global:defaultviservers?


tradsd222
Contributor

Both report back the host I am connected to.

LucD
Leadership

Which is strange, since the error you included shows that the Get-VMHost cmdlet times out.

Are you connected to a vCenter or an ESXi node?


tradsd222
Contributor

I am connected to an ESXi host.  I do have to re-connect to the host (close PowerCLI and re-open) to then run the script a second time, third time, etc.  When I try to run a second time I get the attached error.  It doesn't even connect beginning in line 1 whereas the first time running it gets through 100 or so lines before it starts erroring.  Is there a finite amount of times get-vmhost can be run against a host perhaps?

LucD
Leadership

Can you try the following?

  • start a fresh PowerCLI prompt
  • connect to the ESXi node
  • do a Get-VMHost

Does that work?

And also if you execute the Get-VMHost repeatedly?


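The connection checks asked for in the replies above (a populated $global:DefaultVIServers, Get-VMHost run repeatedly), followed by the script's host checks with every failure recorded per check instead of cascading. This is an added example and not part of any post in this thread. It assumes Connect-VIServer has already succeeded in a fresh session and a PowerCLI release that offers Get-EsxCli -V2; it reads the Value property of the object Get-AdvancedSetting returns, and the attempt count and report column names are illustrative.

```powershell
# Added example, not from the thread. Assumes PowerCLI is loaded and
# Connect-VIServer was already run in a fresh session.

# 1. Confirm a live connection exists before any check runs.
if (-not $global:DefaultVIServers) {
    throw 'Nothing in $global:DefaultVIServers; run Connect-VIServer first.'
}

# 2. Call Get-VMHost repeatedly; record timing and any error for each attempt.
$attempts = 5   # illustrative value
$probe = foreach ($i in 1..$attempts) {
    $timer = [System.Diagnostics.Stopwatch]::StartNew()
    $count = 0; $err = $null
    try   { $count = @(Get-VMHost -ErrorAction Stop).Count }
    catch { $err = $_.Exception.Message }
    [pscustomobject]@{ Attempt = $i; Hosts = $count; Ms = $timer.ElapsedMilliseconds; Error = $err }
}
$probe | Format-Table -AutoSize
if ($probe | Where-Object Error) {
    throw 'Get-VMHost is not stable; resolve connectivity before auditing.'
}

# 3. Run each check on its own so a failure is recorded instead of cascading.
$settings = 'UserVars.ESXiShellInteractiveTimeOut',
            'UserVars.ESXiShellTimeOut',
            'Net.DVFilterBindIpAddress'
$report = foreach ($vmHost in Get-VMHost) {
    $row = [ordered]@{ VMHost = $vmHost.Name }
    foreach ($name in $settings) {
        try {
            $row[$name] = (Get-AdvancedSetting -Entity $vmHost -Name $name -ErrorAction Stop).Value
        } catch { $row[$name] = "ERROR: $($_.Exception.Message)" }
    }
    try {
        # -V2 interface: esxcli methods are called through .Invoke()
        $esxcli = Get-EsxCli -VMHost $vmHost -V2 -ErrorAction Stop
        $row['AcceptanceLevel'] = $esxcli.software.acceptance.get.Invoke()
        $row['VibsNotVMwareCertified'] = @($esxcli.software.vib.list.Invoke() |
            Where-Object { $_.AcceptanceLevel -ne 'VMwareCertified' }).Count
    } catch { $row['AcceptanceLevel'] = "ERROR: $($_.Exception.Message)" }
    [pscustomobject]$row
}
$report | Format-List
```

Any cell that starts with "ERROR:" names the exact check and message that failed on that host, which is the detail needed when asking for help with a failing audit run.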