Hi Luc,
Can you please check the following script? It collects some security information from ESXi hosts and network switches. It works fine except for the orange line.
Can you please modify the orange line to use join? Also, can the output be converted to an Excel file?
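# Security report for every ESXi host in every datacenter: SSH service state,
# distributed-switch security policy, management vmkernel DHCP, enabled firewall
# exceptions, tech support mode and vmkernel log presence. Written to a text file.
$vcenter = Read-Host "please provide vcentername"
$credential_vcenter = Get-Credential
# Hand the prompted credential to the connection (it was collected but never
# used), keep the returned session in $conn instead of piping it to Out-Null,
# and stop on failure so the loops below do not run against a session that
# happens to be open already.
$conn = Connect-VIServer -Server $vcenter -Credential $credential_vcenter -ErrorAction Stop
# Only distributed switches are inspected.
# Author's note: for hostd presence the OpenSSH module is needed, though it should be present by default.
$path = 'C:\Users\user1\Desktop\scriptfolder'
$security_parameters = @()

# The PowerShell version does not change per datacenter, so print it once.
Write-Host "cureent powershell version" -ForegroundColor Cyan
$PSVersionTable.psversion

foreach ($dc in Get-Datacenter)
{
    foreach ($esxi in (Get-VMHost -Location $dc))
    {
        # A host may be attached to more than one distributed switch; the
        # policy values below are then collections, one entry per switch.
        $distributedswitch = Get-VirtualSwitch -VMHost $esxi -Distributed
        $ssh_running_remote = Get-VMHostService -VMHost $esxi | Where-Object { $_.key -eq "TSM-SSH" }
        $promiscousmode = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value
        $forgedtransmit = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value
        $mac_address_change = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value

        $vmkmgmt = Get-VMHostNetworkAdapter -VMHost $esxi -VMKernel | Where-Object { $_.ManagementTrafficEnabled -eq $true }
        $dhcp_enabled = $vmkmgmt.DhcpEnabled

        # NOTE(review): this is a collection of firewall-exception objects, not
        # text, so it does not come out as a readable port list in the report.
        $ports_enabled = Get-VMHostFirewallException -VMHost $esxi -Enabled:$true

        # Only hosts whose product name contains an "i" are queried (-match is
        # case-insensitive) - presumably to tell ESXi from ESX; confirm.
        $local_tech_support = Get-VMHost $esxi | Get-View |
            Where-Object { $_.Summary.Config.Product.Name -match "i" } |
            Select-Object Name,
            @{N = "localTechSuportModeEnabled"; E = { (Get-VMHost $_.Name | Get-VMHostAdvancedConfiguration -Name VMkernel.Boot.techSupportMode).Values } }

        # Decide the flag afresh for every host. The original assigned it only
        # in the "missing" branch, so any other host reported a stale or empty value.
        # NOTE(review): "False" is also what the report shows when the setting
        # does not exist or could not be read, so it means "not found" rather
        # than "verified disabled".
        $tsm_text = @($local_tech_support.localTechSuportModeEnabled) -join ','
        if ([string]::IsNullOrEmpty($tsm_text))
        {
            $localtechsupportenabled = "False"
        }
        else
        {
            $localtechsupportenabled = $tsm_text
        }

        # Same per-host reset here: without the else branch one host with log
        # entries made every later host report "True" as well.
        $vmkernel = Get-Log -VMHost $esxi -Key vmkernel
        if ($null -ne $vmkernel.entries)
        {
            $presence_vmkernel = "True"
        }
        else
        {
            $presence_vmkernel = "False"
        }

        $output = New-Object -TypeName PSObject
        $output | Add-Member -MemberType NoteProperty -Name 'esxiname' -Value $esxi.name
        $output | Add-Member -MemberType NoteProperty -Name 'distributedswitch' -Value $distributedswitch.name
        $output | Add-Member -MemberType NoteProperty -Name 'whetherremote_ssh_running' -Value $ssh_running_remote.running
        $output | Add-Member -MemberType NoteProperty -Name 'promiscousmode' -Value $promiscousmode
        $output | Add-Member -MemberType NoteProperty -Name 'forgedtransmit' -Value $forgedtransmit
        $output | Add-Member -MemberType NoteProperty -Name 'mac_address_change' -Value $mac_address_change
        $output | Add-Member -MemberType NoteProperty -Name 'vmkernellogs_presence' -Value $presence_vmkernel
        $output | Add-Member -MemberType NoteProperty -Name 'whether mgmt ip assigned by dhcp' -Value $dhcp_enabled
        $output | Add-Member -MemberType NoteProperty -Name 'ports enabled ' -Value $ports_enabled
        $output | Add-Member -MemberType NoteProperty -Name 'whether local tech support mode enabled ' -Value $localtechsupportenabled
        $security_parameters += $output
    }
}

# The report lists SSH state and enabled firewall exceptions per host; keep it
# in a folder that only administrators can read.
$security_parameters | Out-File -FilePath "$path\secp.txt"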
Try something like this (I split into incoming and outgoing).
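# Security report for every ESXi host in every datacenter: SSH service state,
# distributed-switch security policy, management vmkernel DHCP, enabled firewall
# ports (incoming and outgoing), tech support mode and vmkernel log presence.

# $vcenter is used below but is not assigned anywhere in this listing, so prompt for it.
$vcenter = Read-Host "please provide vcentername"
$credential_vcenter = Get-Credential
# Hand the prompted credential to the connection (it was collected but never
# used), keep the returned session in $conn instead of piping it to Out-Null,
# and stop on failure so the loops below do not run against a session that
# happens to be open already.
$conn = Connect-VIServer -Server $vcenter -Credential $credential_vcenter -ErrorAction Stop
# Only distributed switches are inspected.
# Author's note: for hostd presence the OpenSSH module is needed, though it should be present by default.
$path = 'C:\Users\user1\Desktop\scriptfolder'
$security_parameters = @()

# The PowerShell version does not change per datacenter, so print it once.
Write-Host "Current PowerShell version $(($PSVersionTable.PSVersion).ToString())" -ForegroundColor Cyan

foreach ($dc in Get-Datacenter)
{
    foreach ($esxi in (Get-VMHost -Location $dc))
    {
        # A host may be attached to more than one distributed switch; the
        # policy values below are then collections, one entry per switch.
        $distributedswitch = Get-VirtualSwitch -VMHost $esxi -Distributed
        $ssh_running_remote = Get-VMHostService -VMHost $esxi | Where-Object { $_.key -eq "TSM-SSH" }
        $promiscousmode = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value
        $forgedtransmit = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value
        $mac_address_change = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy.MacChanges.Value

        $vmkmgmt = Get-VMHostNetworkAdapter -VMHost $esxi -VMKernel | Where-Object { $_.ManagementTrafficEnabled -eq $true }
        $dhcp_enabled = $vmkmgmt.DhcpEnabled

        # Flatten the port lists of all enabled firewall exceptions into one
        # '|'-separated string per direction. Incoming ports are no longer cast
        # to [int]: an entry that is not a plain integer (a port range, for
        # instance) would fail the cast and vanish from the report, and the
        # outgoing side never had the cast.
        $ports_enabled = Get-VMHostFirewallException -VMHost $esxi -Enabled:$true
        $inports = ($ports_enabled.IncomingPorts |
            Where-Object { $_ } |
            ForEach-Object { "$_".Split(',') } |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ }) -join '|'
        $outports = ($ports_enabled.OutGoingPorts |
            Where-Object { $_ } |
            ForEach-Object { "$_".Split(',') } |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ }) -join '|'

        # Only hosts whose product name contains an "i" are queried (-match is
        # case-insensitive) - presumably to tell ESXi from ESX; confirm.
        # The setting is read with -Entity alone (the original also piped a
        # host into the same parameter) and through .Value, which is the
        # property an advanced-setting object carries.
        $tsm_value = $null
        if ($esxi.ExtensionData.Summary.Config.Product.Name -match "i")
        {
            $tsm_value = (Get-AdvancedSetting -Entity $esxi -Name 'VMkernel.Boot.techSupportMode').Value
        }

        # Decide the flag afresh for every host. The original assigned it only
        # in the "missing" branch, so any other host reported a stale or empty value.
        # NOTE(review): "False" is also what the report shows when the setting
        # does not exist or could not be read, so it means "not found" rather
        # than "verified disabled".
        $tsm_text = @($tsm_value) -join ','
        if ([string]::IsNullOrEmpty($tsm_text))
        {
            $localtechsupportenabled = "False"
        }
        else
        {
            $localtechsupportenabled = $tsm_text
        }

        # Same per-host reset here: without the else branch one host with log
        # entries made every later host report "True" as well.
        $vmkernel = Get-Log -VMHost $esxi -Key vmkernel
        if ($null -ne $vmkernel.entries)
        {
            $presence_vmkernel = "True"
        }
        else
        {
            $presence_vmkernel = "False"
        }

        $output = New-Object -TypeName PSObject
        $output | Add-Member -MemberType NoteProperty -Name 'esxiname' -Value $esxi.name
        $output | Add-Member -MemberType NoteProperty -Name 'distributedswitch' -Value $distributedswitch.name
        $output | Add-Member -MemberType NoteProperty -Name 'whetherremote_ssh_running' -Value $ssh_running_remote.running
        $output | Add-Member -MemberType NoteProperty -Name 'promiscousmode' -Value $promiscousmode
        $output | Add-Member -MemberType NoteProperty -Name 'forgedtransmit' -Value $forgedtransmit
        $output | Add-Member -MemberType NoteProperty -Name 'mac_address_change' -Value $mac_address_change
        $output | Add-Member -MemberType NoteProperty -Name 'vmkernellogs_presence' -Value $presence_vmkernel
        $output | Add-Member -MemberType NoteProperty -Name 'whether mgmt ip assigned by dhcp' -Value $dhcp_enabled
        $output | Add-Member -MemberType NoteProperty -Name 'incoming ports enabled ' -Value $inports
        $output | Add-Member -MemberType NoteProperty -Name 'outgoing ports enabled ' -Value $outports
        $output | Add-Member -MemberType NoteProperty -Name 'whether local tech support mode enabled ' -Value $localtechsupportenabled
        $security_parameters += $output
    }
}

# The report lists SSH state and open firewall ports per host; keep it in a
# folder that only administrators can read.
$security_parameters | Out-File -FilePath "$path\secp.txt"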
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Try something like this (I split into incoming and outgoing).
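# Per-host security report (SSH service, distributed-switch security policy,
# management vmkernel DHCP, enabled firewall ports, tech support mode, vmkernel
# log presence) for all ESXi hosts of all datacenters, written to a text file.

# $vcenter is used below but is not assigned anywhere in this listing, so prompt for it.
$vcenter = Read-Host "please provide vcentername"
$credential_vcenter = Get-Credential
# The credential was prompted for but never passed on, and the connection
# object was discarded through Out-Null. Use the credential, keep the session
# in $conn, and abort on failure rather than reporting on whichever session is
# already open.
$conn = Connect-VIServer -Server $vcenter -Credential $credential_vcenter -ErrorAction Stop
# Only distributed switches are inspected.
# Author's note: for hostd presence the OpenSSH module is needed, though it should be present by default.
$path = 'C:\Users\user1\Desktop\scriptfolder'
$security_parameters = @()

# Loop-invariant, so shown once instead of once per datacenter.
Write-Host "Current PowerShell version $(($PSVersionTable.PSVersion).ToString())" -ForegroundColor Cyan

foreach ($dc in Get-Datacenter)
{
    foreach ($esxi in (Get-VMHost -Location $dc))
    {
        # With several distributed switches on one host, $policy and the
        # values read from it are collections (one entry per switch).
        $distributedswitch = Get-VirtualSwitch -VMHost $esxi -Distributed
        $policy = $distributedswitch.Extensiondata.Config.DefaultPortConfig.SecurityPolicy
        $ssh_running_remote = Get-VMHostService -VMHost $esxi | Where-Object { $_.key -eq "TSM-SSH" }
        $vmkmgmt = Get-VMHostNetworkAdapter -VMHost $esxi -VMKernel | Where-Object { $_.ManagementTrafficEnabled -eq $true }

        # One '|'-separated string per direction. The [int] cast on incoming
        # ports is gone: an entry that is not a plain integer (a port range,
        # for instance) would fail the cast and drop out of the report, and
        # the outgoing side was never cast.
        $ports_enabled = Get-VMHostFirewallException -VMHost $esxi -Enabled:$true
        $inports = ($ports_enabled.IncomingPorts |
            Where-Object { $_ } |
            ForEach-Object { "$_".Split(',') } |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ }) -join '|'
        $outports = ($ports_enabled.OutGoingPorts |
            Where-Object { $_ } |
            ForEach-Object { "$_".Split(',') } |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ }) -join '|'

        # Queried only when the product name contains an "i" (case-insensitive
        # match) - presumably ESXi as opposed to ESX; confirm. -Entity alone
        # names the host (the original piped a host into the same parameter as
        # well), and the setting's content is read from .Value.
        $tsm_value = $null
        if ($esxi.ExtensionData.Summary.Config.Product.Name -match "i")
        {
            $tsm_value = (Get-AdvancedSetting -Entity $esxi -Name 'VMkernel.Boot.techSupportMode').Value
        }

        # Both flags are computed for each host; the original set them in one
        # branch only, so values leaked from the previous host into the next row.
        # NOTE(review): "False" for tech support mode also covers "setting not
        # found or unreadable", i.e. it is not proof that the mode is disabled.
        $tsm_text = @($tsm_value) -join ','
        $localtechsupportenabled = if ([string]::IsNullOrEmpty($tsm_text)) { "False" } else { $tsm_text }

        $vmkernel = Get-Log -VMHost $esxi -Key vmkernel
        $presence_vmkernel = if ($null -ne $vmkernel.entries) { "True" } else { "False" }

        # Column names are kept exactly as before, trailing spaces included.
        $security_parameters += [pscustomobject]@{
            'esxiname'                                 = $esxi.name
            'distributedswitch'                        = $distributedswitch.name
            'whetherremote_ssh_running'                = $ssh_running_remote.running
            'promiscousmode'                           = $policy.AllowPromiscuous.Value
            'forgedtransmit'                           = $policy.ForgedTransmits.Value
            'mac_address_change'                       = $policy.MacChanges.Value
            'vmkernellogs_presence'                    = $presence_vmkernel
            'whether mgmt ip assigned by dhcp'         = $vmkmgmt.DhcpEnabled
            'incoming ports enabled '                  = $inports
            'outgoing ports enabled '                  = $outports
            'whether local tech support mode enabled ' = $localtechsupportenabled
        }
    }
}

# The report lists SSH state and open firewall ports per host; keep it in a
# folder that only administrators can read.
$security_parameters | Out-File -FilePath "$path\secp.txt"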
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks Luc. I am going to check this. Do you see any scope for adding anything related to encryption to this script?
What encryption do you mean?
You could check if there is a KMS server present and if encryption is enabled on the ESXi nodes.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
This works fine, and thanks for reminding me about the PowerShell version.