VMware Cloud Community
gman7777
Contributor

Script for VMSA-2020-0023 to turn off CIM service on ESXi hosts

Hi everyone,

Could someone please help me with a script that would turn off this CIM service? It needs the ability to run this on multiple hosts.

Thank you

LucD
Leadership

Are you referring to the procedure described in KB76372?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

gman7777
Contributor

Hello Luc,

Yes that is the one.

Thank you

LucD
Leadership

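If the conditions in the KB are met, you could use the following

# Arguments that disable the CIMSLP firewall ruleset
$cimOff = @{
    rulesetid = 'CIMSLP'
    enabled = $false
}

# Run against every host in the connected vCenter
Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
    $esxcli = Get-EsxCli -VMHost $esx -V2
    # Compare explicitly: the test then works whether Enabled comes back
    # as a Boolean or as the string 'true'/'false'
    if(($esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = 'CIMSLP'})).Enabled -eq 'true'){
        $esxcli.network.firewall.ruleset.set.Invoke($cimOff)
    }
}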

But be aware that this does not do the check if the SLP service is active.

Further, the command to stop the service (/etc/init.d/slpd stop) will need to be done through an SSH session.
The same goes for the command (chkconfig) to make the change persistent through reboots.

For an SSH session, if that is an option for you, you can use the Posh-SSH module.
See for example my Use Posh-SSH instead of PuTTY dive.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
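
Added example, not part of LucD's post: one way to combine the steps described above (closing the CIMSLP ruleset, `/etc/init.d/slpd stop`, and `chkconfig`) across all hosts with PowerCLI and Posh-SSH, reporting per host so that a failed stop is visible. It assumes an existing Connect-VIServer session and one root credential valid on every host; the chkconfig arguments `slpd off` and `--list` are assumptions, since the post names only the command.

```powershell
# Added example (not LucD's script). Assumes Connect-VIServer has already run,
# Posh-SSH is installed, and one root credential works on every host.
Import-Module Posh-SSH
$cred = Get-Credential -UserName root -Message 'ESXi root credentials'

$report = foreach ($esx in Get-VMHost) {
    $row = [ordered]@{ VMHost = $esx.Name; RuleEnabled = $null; StopExit = $null
                       StopOutput = $null; Chkconfig = $null; Error = $null }
    $session = $null
    $sshSvc = $null
    $sshWasRunning = $true
    try {
        # 1. Close the CIMSLP firewall ruleset, then read back its state.
        $esxcli = Get-EsxCli -VMHost $esx -V2
        $null = $esxcli.network.firewall.ruleset.set.Invoke(@{rulesetid = 'CIMSLP'; enabled = $false})
        $row.RuleEnabled = $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = 'CIMSLP'}).Enabled

        # 2. SSH is normally stopped on ESXi: start it only if needed.
        $sshSvc = Get-VMHostService -VMHost $esx | Where-Object { $_.Key -eq 'TSM-SSH' }
        $sshWasRunning = $sshSvc.Running
        if (-not $sshWasRunning) { $null = Start-VMHostService -HostService $sshSvc -Confirm:$false }

        # 3. Stop slpd and make that persistent. -AcceptKey trusts whatever host
        #    key is presented; drop it if the hosts are already trusted.
        #    The chkconfig arguments are assumed (the post names only the command).
        $session = New-SSHSession -ComputerName $esx.Name -Credential $cred -AcceptKey -ErrorAction Stop
        $stop = Invoke-SSHCommand -SSHSession $session -Command '/etc/init.d/slpd stop'
        $null = Invoke-SSHCommand -SSHSession $session -Command 'chkconfig slpd off'
        $chk  = Invoke-SSHCommand -SSHSession $session -Command 'chkconfig --list | grep slpd'

        # Review StopExit and StopOutput per host: the thread notes that slpd
        # may not stop while it is in use.
        $row.StopExit   = $stop.ExitStatus
        $row.StopOutput = $stop.Output -join ' '
        $row.Chkconfig  = $chk.Output -join ' '
    }
    catch { $row.Error = $_.Exception.Message }
    finally {
        # 4. Close the session and put the SSH service back as it was found.
        if ($session) { $null = Remove-SSHSession -SSHSession $session }
        if ($sshSvc -and -not $sshWasRunning) { $null = Stop-VMHostService -HostService $sshSvc -Confirm:$false }
    }
    [pscustomobject]$row
}
$report | Format-Table -AutoSize
```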

gman7777
Contributor

Hello Luc,

Thank you very much.

Do you have a script that does all of those functions? Sorry, I am not very knowledgeable with scripting.

Thank you

LucD
Leadership

There is a script I wrote in Re: PowerCLI - Workaround for OpenSLP security vul... - VMware Technology Network VMTN

But there might be a problem, as the KB also mentions, with stopping the SLP service when it is in use.
You might also want to have a look at Solved: Re: Do we need the SLP Service on Port 427 - VMware Technology Network VMTN for more background info on the procedure.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

gman7777
Contributor

Hi Luc,

Great!

Thank you so much
