DSCResources/Vsphere/Vsphere.schema.psm1

# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.

using module ..\helper.psm1
using module ..\..\PowerStig.psm1

<#
    .SYNOPSIS
        A composite DSC resource to manage Vsphere STIG settings
    .PARAMETER Version
        The Vsphere Esxi version for which a DISA STIG configuration is generated, e.g. '6.5'
    .PARAMETER HostIP
        The IP address of the Esxi Host that is being targeted
    .PARAMETER ServerIP
        The vCenter Server IP that the host is connected to. This is required to secure the host with the Vsphere resource
    .PARAMETER Credential
        The credential to administer the Esxi host
    .PARAMETER VirtualStandardSwitchGroup
        A group of standard switches
    .PARAMETER VmGroup
        A group of VMs to target on the host
    .PARAMETER StigVersion
        The version of the Vsphere STIG to apply and/or monitor
    .PARAMETER Exception
        A hashtable of StigId=Value key pairs that are injected into the STIG data and applied to
        the target node. The title of STIG settings are tagged with the text 'Exception' to identify
        the exceptions to policy across the data center when you centralize DSC log collection.
    .PARAMETER OrgSettings
        The path to the xml file that contains the local organizations preferred settings for STIG
        items that have allowable ranges. The OrgSettings parameter also accepts a hashtable for
        values that need to be modified. When a hashtable is used, the specified values take
        precedence over the values defined in the org.default.xml file.
    .PARAMETER SkipRule
        The SkipRule Node is injected into the STIG data and applied to the target node. The title
        of STIG settings are tagged with the text 'Skip' to identify the skips to policy across the
        data center when you centralize DSC log collection.
    .PARAMETER SkipRuleType
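        All STIG rule IDs of the specified type are collected in an array and passed to the Skip-Rule
        function. Each rule follows the same process as the SkipRule parameter.
    .PARAMETER SkipRuleSeverity
        One or more STIG severity categories ('CAT_I', 'CAT_II', 'CAT_III') that are passed to the
        rule loader together with SkipRule and SkipRuleType.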
#>

configuration Vsphere
{
    # Composite DSC configuration: loads the Vsphere STIG rule set for the requested
    # version, then dot-sources one script per rule type so that each script can emit
    # its DSC resource blocks into this configuration.
    [CmdletBinding()]
    param
    (
        # Product version string handed to the STIG loader; only checked for non-empty.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $Version,

        # Target ESXi host. Typed as a plain string and only checked for non-empty, so
        # the value is not validated as an IP address here.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $HostIP,

        # vCenter server the host is attached to. Same validation as HostIP: non-empty only.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $ServerIP,

        # Administrative credential for the host. It is not referenced in this block;
        # presumably the dot-sourced rule scripts pass it to the vSphere DSC resources.
        # NOTE(review): a PSCredential used by a DSC resource ends up in the compiled MOF.
        # Protect it with certificate-based MOF encryption (CertificateFile in the
        # ConfigurationData) rather than enabling PSDscAllowPlainTextPassword.
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        $Credential,

        # Optional list of standard switch names; not used in this block, presumably
        # read by the dot-sourced Vss rule scripts.
        [Parameter()]
        [string[]]
        $VirtualStandardSwitchGroup,

        # Optional list of VM names; not used in this block.
        [Parameter()]
        [string[]]
        $VmGroup,

        # Optional STIG release to load. When omitted, $null reaches the STIG constructor;
        # how it picks a default is not shown here.
        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [version]
        $StigVersion,

        # StigId=Value overrides injected into the STIG data. Each entry replaces a
        # baseline value, so exceptions should be reviewed like any other policy waiver.
        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [hashtable]
        $Exception,

        # Either a path to an organisational settings XML file or a hashtable of values;
        # typed [object] so both forms are accepted.
        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [object]
        $OrgSettings,

        # Individual rule IDs to skip. Skipped rules are not enforced on the target.
        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [string[]]
        $SkipRule,

        # Rule types to skip as a whole.
        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [string[]]
        $SkipRuleType,

        # Severity categories to skip as a whole; restricted to the three values below.
        # CAT_I is the highest STIG severity, so skipping it removes the most critical controls.
        [Parameter()]
        [ValidateSet('CAT_I', 'CAT_II', 'CAT_III')]
        [string[]]
        $SkipRuleSeverity
    )

    ##### BEGIN DO NOT MODIFY #####
    # Build the STIG object for the 'Vsphere' technology and load its rules with the
    # org settings, exceptions and skip filters applied. $stig is not read again in
    # this block; presumably the dot-sourced scripts below consume it.
    $stig = [STIG]::New('Vsphere', $Version, $StigVersion)
    $stig.LoadRules($OrgSettings, $Exception, $SkipRule, $SkipRuleType, $SkipRuleSeverity)
    ##### END DO NOT MODIFY #####

    # The resource module is pinned to an exact version, so compilation uses that
    # specific release rather than whatever is newest on the authoring machine.
    Import-DscResource -ModuleName Vmware.vSphereDSC -ModuleVersion 2.1.0.58
    # $resourcePath is not defined in this block; presumably it is provided by
    # helper.psm1 (confirm). Dot-sourcing runs each script in this configuration's
    # scope, so those files can read every parameter above, including $Credential.
    # The files under $resourcePath therefore need the same integrity protection as
    # this module itself.
    . "$resourcePath\Vsphere.VmHostAcceptanceLevel.ps1"
    . "$resourcePath\Vsphere.VmHostAdvancedSettings.ps1"
    . "$resourcePath\Vsphere.VMHostNtpSettings.ps1"
    . "$resourcePath\Vsphere.VmHostService.ps1"
    . "$resourcePath\Vsphere.VmHostSNMPAgent.ps1"
    . "$resourcePath\Vsphere.VmHostVMKernelActiveDumpPartition.ps1"
    . "$resourcePath\Vsphere.VmHostVssSecurity.ps1"
    . "$resourcePath\Vsphere.VmHostVssPortGroupSecurity.ps1"

    # Second pinned resource module, imported before the skip script that follows.
    # Presumably windows.Script.skip.ps1 emits placeholder resources for skipped
    # rules so they stay visible in DSC logs (confirm against that file).
    Import-DscResource -ModuleName PSDSCresources -ModuleVersion 2.12.0.0
    . "$resourcePath\windows.Script.skip.ps1"
}