I used this command to disable all unsigned module
Get-VMHost -Name '192.168.218.132' -PipelineVariable esx |
ForEach-Object -Process {
$esxcli = Get-EsxCli -VMHost $esx -V2
$esxcli.system.module.list.Invoke() |
ForEach-Object -Process {
$esxcli.system.module.get.Invoke(@{module="$($_.Name)"}) |
Where-Object { $_.SignedStatus -eq 'Unsigned'} |
ForEach-Object -Process {
$esxcli.system.module.set.Invoke(@{module="$($_.Module)";enabled=$false})
}
}
}
But when I check by using this command
# List the system modules and Signature Info for each host
Foreach ($VMHost in Get-VMHost ) {
$ESXCli = Get-EsxCli -VMHost $VMHost
$ESXCli.system.module.list() | Foreach {
$ESXCli.system.module.get($_.Name) | Select @{N="VMHost";E={$VMHost}},
Module, License, Modulefile, Version, SignedStatus, SignatureDigest,
SignatureFingerPrint
}
}
VMHost : 192.168.218.132
Module : nfsclient
License : VMware
ModuleFile : /usr/lib/vmware/vmkmod/nfsclient
Version : Built on: Jun 30 2022
SignedStatus : Unsigned
SignatureDigest : 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
SignatureFingerPrint : 0000 0000 0000 0000 0000 0000 0000 0000
VMHost : 192.168.218.132
Module : swapobj
License : VMware
ModuleFile : /usr/lib/vmware/vmkmod/swapobj
Version :
SignedStatus : Unsigned
SignatureDigest : 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
SignatureFingerPrint : 0000 0000 0000 0000 0000 0000 0000 0000
Unsinged module still exist.
Thank you in advance