SkylineAutomationToolkit.psm1
function nsxinstall { if (get-module -listavailable -name PowerNSX) { write-host "...PowerNSX has already been installed..." } else { install-module PowerNSX -force write-host "...install PowerNSX..." } } function vropsinstall { if (get-module -listavailable -name Vmware.VimAutomation.vROps) { write-host "...Vmware.VimAutomation.vROps has already been installed..." } else { install-module Vmware.VimAutomation.vROps -force write-host "...install Vmware.VimAutomation.vROps..." } } function powercliinstall { if (get-module -listavailable -name vmware.powercli) { write-host "...Powercli has already been installed..." } else { install-module vmware.powercli -force Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false -confirm:$false Set-PowerCLIConfiguration -InvalidCertificateAction ignore -confirm:$false write-host "...install Powercli..." } } function send2slack { import-csv $fileslack | foreach-object { $Body = @{ channel = $SLACKCHANNEL text = "$_" color = "#3AA3E3" attachment_type = "default" } $headers = @{Authorization = "Bearer $SLACKTOKEN"} Invoke-RestMethod -Method Post -Uri "https://slack.com/api/chat.postMessage" -Headers $headers -Body $body } } function send2servicenow { $SNComment = get-content $fileservicenow $params = @{ Url = "$SERVICENOWSERVER" Credential = $userCred } New-ServiceNowSession @params New-ServiceNowIncident -caller $SERVICENOWUSER -shortdescription "Skyline Findings - List" -comment "$SNComment" } function send2jira { $JIRACONTEXT = get-content $filejira $filejira2 = "jira.json" if (-not(Test-Path -Path $filejira2 -PathType Leaf)) { try { $null = New-Item -ItemType File -Path $filejira2 -Force -ErrorAction Stop } catch { throw $_.Exception.Message } } clear-content $filejira2 add-content $filejira2 '{' add-content $filejira2 ' "fields": {' add-content $filejira2 ' "project":' add-content $filejira2 ' {' add-content $filejira2 ' "key": "SKYLINE"' add-content $filejira2 ' },' add-content $filejira2 ' "summary": "Skyline - 
Findings",' add-content $filejira2 " `"description`": `"$JIRACONTEXT`" ," add-content $filejira2 ' "issuetype": {' add-content $filejira2 ' "id": "3"' add-content $filejira2 ' }' add-content $filejira2 ' }' add-content $filejira2 '}' $credjira = get-credential invoke-restmethod -method post -uri $JIRASERVER -authentication basic -credential $credjira -infile $filejira2 -contenttype "application/json" } function confirmX { $file = checkfile . $file if (-not($CONFIRM -eq "NO")) { write-host "" write-host "Here are the changes you are about to do:" write-host "" write-host "Management Host: $VCENTER" write-host "Affected Host: $ESX" write-host "KB Reference: $KB" write-host "Detail: $DETAILX" write-host "" $confirmation = Read-Host "Do you want to continue (y/n)" return $confirmation } else { $confirmation = "y" return $confirmation } } function security { $SSHsecurity = plink -batch root@$SERVERX -no-antispoof -pw "$password" "grep -v '#' /etc/ssh/sshd_config | grep -c '$SEC1 $SEC2'" if ( $SSHsecurity -lt 1) { write-output "...set $SEC1..." plink -batch root@$SERVERX -no-antispoof -pw "$password" "echo '$SEC1 $SEC2' >> /etc/ssh/sshd_config" } else { write-output "...$SEC1 has already been set..." 
} return $security } function tagset { $tagcatinfo = get-tagcategory skyline if ($tagcatinfo.Count -lt 1) { #create everything new-tagcategory skyline -cardinality "multiple" -description "Skyline Automation Toolkit" get-tagcategory skyline | new-tag SATversion -description "1.1.1" new-tagassignment -tag SATversion -entity Datacenters get-tagcategory skyline | new-tag SATusage -description "1" new-tagassignment -tag SATusage -entity Datacenters } else { #dont create $tagversion = get-tag SATversion if ($tagversion.description -ne "1.1.1") { get-tag SATversion | remove-tag -confirm:$false get-tagcategory skyline | new-tag SATversion -description "1.1.1" new-tagassignment -tag SATversion -entity Datacenters } $tagusage = get-tag SATusage $tagusagevalue = $tagusage.description $tagusagenum = [int]$tagusagevalue $tagusagenum2 = $tagusagenum + 1 get-tag SATusage | remove-tag -confirm:$false get-tagcategory skyline | new-tag SATusage -description "$tagusagenum2" new-tagassignment -tag SATusage -entity Datacenters } } function checkfile { $fileuname = '/usr/bin/uname' if (-not(Test-Path -Path $fileuname -PathType Leaf)) { $file = 'c:\skyline\SkylineUtils-config.ps1' } else { mkdir /skyline $file = '/skyline/SkylineUtils-config.ps1' } return $file } function cleansnapshots { connect-viserver -server $VCENTER tagset get-vm $ESX | get-snapshot | remove-snapshot -confirm:$false disconnect-viserver -confirm:$false } function getaccesstoken2 { $Header = @{ "Accept" = "application/json" "Content-Type" = "application/x-www-form-urlencoded" } $file = checkfile . 
$file $Body = @{ refresh_token = "$APITOKEN" } $MYTOKEN = Invoke-RestMethod -method Post -Uri "$APITOKENSERVER" -Headers $Header -Body $Body return $MYTOKEN.access_token } function createsource { $file = checkfile if (-not(Test-Path -Path $file -PathType Leaf)) { try { $null = New-Item -ItemType File -Path $file -Force -ErrorAction Stop } catch { throw $_.Exception.Message } } } function vcenterpatch { $encrypted = ConvertTo-SecureString(read-host "Enter a Password" -AsSecureString | ConvertFrom-SecureString) $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encrypted) $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) plink -ssh root@$VCENTER -no-antispoof -batch -pw "$password" 'software-packages stage --iso --acceptEulas' plink -ssh root@$VCENTER -no-antispoof -batch -pw "$password" 'software-packages install' } function patching { tagset $patches = get-patch $PATCHX $getpatchx = get-patchbaseline $PATCHX if ($getpatchx -lt 1) { new-patchbaseline -name $PATCHX -includepatch $patches -static } get-baseline $PATCHX | attach-baseline -entity $ESX get-inventory $ESX | scan-inventory } #patching function skyline-fixer { [CmdletBinding()] param( [string]$OPTIONX, [string]$CSVFILE, [string]$FIXWORK ) switch ( $OPTIONX ) { "taginfo" { connect-viserver -server $CSVFILE tagset disconnect-viserver -confirm:$false } "kblist" { '' '' write-host "vSphere" write-host "https://kb.vmware.com/s/article/52387" write-host "https://kb.vmware.com/s/article/53134" write-host "https://kb.vmware.com/s/article/55650" write-host "https://kb.vmware.com/s/article/55683" write-host "https://kb.vmware.com/s/article/58715" write-host "https://kb.vmware.com/s/article/58874" write-host "https://kb.vmware.com/s/article/65207" write-host "https://kb.vmware.com/s/article/67129" write-host "https://kb.vmware.com/s/article/67259" write-host "https://kb.vmware.com/s/article/67529" write-host "https://kb.vmware.com/s/article/70737" write-host 
"https://kb.vmware.com/s/article/70813" write-host "https://kb.vmware.com/s/article/76163" write-host "https://kb.vmware.com/s/article/76372" write-host "https://kb.vmware.com/s/article/76613" write-host "https://kb.vmware.com/s/article/76630" write-host "https://kb.vmware.com/s/article/76733" write-host "https://kb.vmware.com/s/article/76745" write-host "https://kb.vmware.com/s/article/76755" write-host "https://kb.vmware.com/s/article/79520" write-host "https://kb.vmware.com/s/article/79694" write-host "https://kb.vmware.com/s/article/80703" write-host "https://kb.vmware.com/s/article/81227" write-host "https://kb.vmware.com/s/article/81397" write-host "https://kb.vmware.com/s/article/81576" write-host "https://kb.vmware.com/s/article/81829" write-host "https://kb.vmware.com/s/article/82374" write-host "https://kb.vmware.com/s/article/82498" write-host "https://kb.vmware.com/s/article/83275" write-host "https://kb.vmware.com/s/article/83473" write-host "https://kb.vmware.com/s/article/83517" write-host "https://kb.vmware.com/s/article/83824" write-host "https://kb.vmware.com/s/article/83829" write-host "https://kb.vmware.com/s/article/85071" write-host "https://kb.vmware.com/s/article/86069" write-host "https://kb.vmware.com/s/article/1003736" write-host "https://kb.vmware.com/s/article/1025279" write-host "https://kb.vmware.com/s/article/1025757" write-host "https://kb.vmware.com/s/article/2003322" write-host "https://kb.vmware.com/s/article/2136430" write-host "https://kb.vmware.com/s/article/2149237" write-host "https://kb.vmware.com/s/article/2147959" write-host "https://kb.vmware.com/s/article/2150190" write-host "https://kb.vmware.com/s/article/2150794" write-host "https://kb.vmware.com/s/article/2150353" '' write-host "vSAN" write-host "https://kb.vmware.com/s/article/84209" write-host "https://kb.vmware.com/s/article/50121439" '' '' write-host "horizon" write-host "https://kb.vmware.com/s/article/2144475" '' write-host "vra (VMware Automation)" write-host 
"https://kb.vmware.com/s/article/1025279" '' '' write-host "vrops (VMware Operations Manager)" write-host "https://kb.vmware.com/s/article/53289" write-host "https://kb.vmware.com/s/article/76154" write-host "https://kb.vmware.com/s/article/2145578" '' '' write-host "VMSA" write-host "https://www.vmware.com/security/advisories/VMSA-2019-0022.html" write-host "https://www.vmware.com/security/advisories/VMSA-2020-0002.html" write-host "https://www.vmware.com/security/advisories/VMSA-2020-0015.html" write-host "https://www.vmware.com/security/advisories/VMSA-2021-0013.html" write-host "https://www.vmware.com/security/advisories/VMSA-2022-0004.html" write-host "https://www.vmware.com/security/advisories/VMSA-2022-0007.html" '' '' createsource } #kblist "csv" { createsource import-csv $CSVFILE | foreach-object { $KB = $_."Reference" $KB = $KB.trim() $VCENTER = $_."Source Name" $ESX = $_."Object Name" switch -wildcard ( $KB ) { { ($_ -eq "https://kb.vmware.com/s/article/1025279") -or ($_ -eq "https://kb.vmware.com/s/article/2149237")} { $DETAILX = "clean all snapshots" $confirmY = confirmX if ($confirmY -eq 'y') { cleansnapshots } } #2149237_1025279 "https://kb.vmware.com/s/article/76372" { $DETAILX = "turn off sfcbd and slapd" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER tagset Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "sfcbd-watchdog"} | Stop-VMHostService -Confirm:$false Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "slpd"} | Stop-VMHostService -Confirm:$false Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "sfcbd-watchdog"} | Set-VMHostService -Policy Off -Confirm:$false Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "slpd"} | Set-VMHostService -Policy Off -Confirm:$false disconnect-viserver -confirm:$false } } #76372 "https://kb.vmware.com/s/article/67259" { #NOTE: scp intel-nmve-*.vib into ESX:/tmp $DETAILX = "set debug_mask for qfle3" $confirmY = confirmX if 
($confirmY -eq 'y') { plink root@$ESX 'esxcli system module parameters set -m qfle3 -p "debug_mask=0"' } } #67259 "https://kb.vmware.com/s/article/50121439" { #NOTE: scp intel-nmve-*.vib into ESX:/tmp $DETAILX = "install intel-nvme*.vib" $confirmY = confirmX if ($confirmY -eq 'y') { plink root@$ESX 'esxcli software vib install -v /tmp/intel-nvme-*.vib' } } #50121439 "https://kb.vmware.com/s/article/53289" { #NOTE: ESX = VROPS $DETAILX = "stop syslog and remove /var/log/warn, /var/logauth.log, and /var/log/messages" $confirmY = confirmX if ($confirmY -eq 'y') { $encrypted = ConvertTo-SecureString(read-host "Enter a Password" -AsSecureString | ConvertFrom-SecureString) $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encrypted) $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) plink root@$ESX -batch -pw "$password" 'service syslog stop' plink root@$ESX -batch -pw "$password" 'rm -f /var/log/warn* /var/log/auth.log* /var/log/messages*' plink root@$ESX -batch -pw "$password" 'service syslog start' } } #53289 "https://kb.vmware.com/s/article/76154" { #NOTE: ESX = VROPS $DETAILX = "restart rsyslog" $confirmY = confirmX if ($confirmY -eq 'y') { plink root@$ESX 'service rsyslog restart' } } #76154 "https://kb.vmware.com/s/article/2145578" { #NOTE: ESX = VROPS $DETAILX = "clean /storage/log" $confirmY = confirmX if ($confirmY -eq 'y') { plink root@$ESX 'find /storage/log/ -mount -type f -mtime +1 -exec echo {} \; -exec truncate -cs 0 {} \; 2>&1 | tee /tmp/files_truncated.txt' } } #2145578 "https://kb.vmware.com/s/article/76630" { #NOTE: check to make sure ssh has been enabled on ESX #NOTE: create for loop for multiple ESX server $DETAILX = "install QLC_bootbank_qcnic, qfe3, qfe3f, and qfe3i" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { if ($FIXWORK -eq 'fix') {#NOTE: scp QLC_bootbank_q*.vib into ESX:/tmp $encrypted = 
ConvertTo-SecureString(read-host "Enter a Password" -AsSecureString | ConvertFrom-SecureString) $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encrypted) $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) plink root@$ESX -batch -pw "$password" 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib' plink root@$ESX -batch -pw "$password" 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib' plink root@$ESX -batch -pw "$password" 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib' plink root@$ESX -batch -pw "$password" 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib' } else { #NOTE: workaround $encrypted = ConvertTo-SecureString(read-host "Enter a Password" -AsSecureString | ConvertFrom-SecureString) $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encrypted) $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) plink root@$ESX -batch -pw "$password" 'esxcfg-module -d qfle3i' plink root@$ESX -batch -pw "$password" 'esxcfg-module -d qfle3f' plink root@$ESX -batch -pw "$password" 'esxcfg-module -d qcnic' } } #6.5.* "6.7.*" { if ($FIXWORK -eq 'fix') {#NOTE: scp QLC_bootbank_q*.vib into ESX:/tmp $encrypted = ConvertTo-SecureString(read-host "Enter a Password" -AsSecureString | ConvertFrom-SecureString) $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encrypted) $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) plink root@$ESX -batch -pw "$password" 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib' plink root@$ESX -batch -pw "$password" 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib' plink root@$ESX -batch -pw "$password" 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib' plink root@$ESX -batch -pw "$password" 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib' } else { #NOTE: workaround $encrypted = ConvertTo-SecureString(read-host 
"Enter a Password" -AsSecureString | ConvertFrom-SecureString) $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encrypted) $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr) plink root@$ESX -batch -pw "$password" 'esxcfg-module -d qfle3i' plink root@$ESX -batch -pw "$password" 'esxcfg-module -d qfle3f' plink root@$ESX -batch -pw "$password" 'esxcfg-module -d qcnic' } } #6.7.0 } #switch-HOSTX #NOTE: does not support v7.0 disconnect-viserver -confirm:$false } } #76630 "https://kb.vmware.com/s/article/85071" { $DETAILX = "configure ESXi670-202111001 and ESXi70U3c-19193900 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.7.*" { $PATCHX = "ESXi670-202111001" patching } #6.7.0 "7.0.*" { $PATCHX = "ESXi70U3c-19193900" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #85071 "https://kb.vmware.com/s/article/83473" { $DETAILX = "configure ESXi70U2c-18426014 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "7.0.*" { $PATCHX = "ESXi70U2c-18426014" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #83473 "https://kb.vmware.com/s/article/81397" { $DETAILX = "configure ESXi70U1c-17325551 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "7.0.*" { $PATCHX = "ESXi70U1c-17325551" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #81397 "https://kb.vmware.com/s/article/84209" { $DETAILX = "configure ESXi70U2-17630552 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "7.0.*" { $PATCHX = "ESXi70U2-17630552" patching } #7.0.0 } #switch-HOSTX 
disconnect-viserver -confirm:$false } } #84209 "https://kb.vmware.com/s/article/81227" { $DETAILX = "configure ESXi650-202102001, ESXi670-202011002, and ESXi70U3d-19482537 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = "ESXi650-202102001" patching } #6.5.0 "6.7.*" { $PATCHX = "ESXi670-202011002" patching } #6.7.0 "7.0.*" { $PATCHX = "ESXi70U3d-19482537" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #81227 "https://kb.vmware.com/s/article/53134" { $DETAILX = "configure ESXi650-201912002 and ESXi670-201912001 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = "ESXi650-201912002" patching } #6.5.0 "6.7.*" { $PATCHX = "ESXi670-201912001" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #53134 "https://kb.vmware.com/s/article/79694" { $DETAILX = "configure ESXi70b-16324942 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "7.0.*" { $PATCHX = "ESXi70b-16324942" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #79694 "https://www.vmware.com/security/advisories/VMSA-2022-0007.html" { $DETAILX = "configure TOOLS-17901792 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $PATCHX = "TOOLS-19346243" patching disconnect-viserver -confirm:$false } } #vmsa-2022-0007 "https://www.vmware.com/security/advisories/VMSA-2021-0013.html" { $DETAILX = "configure TOOLS-17901792 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $PATCHX = "TOOLS-17901792" patching disconnect-viserver -confirm:$false } } #vmsa-2021-0013 
"https://www.vmware.com/security/advisories/VMSA-2020-0002.html" { $DETAILX = "configure TOOLS-15948996 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $PATCHX = "TOOLS-15948996" patching disconnect-viserver -confirm:$false } } #vmsa-2020-0002 "https://www.vmware.com/security/advisories/VMSA-2022-0004.html" { $DETAILX = "configure ESXi650-202202401-SG, ESXi670-202111101-SG, ESXi70U1e-19324898, ESXi70U2e-19290878, and ESXi70U3c-19193900 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = "ESXi650-202202401-SG" patching } #6.5.0 "6.7.*" { $PATCHX = "ESXi670-202111101-SG" patching } #6.7.0 "7.0.*" { #NEED TO LOOK INTO THIS $PATCHX = "ESXi70U1e-19324898" patching $PATCHX = "ESXi70U2e-19290878" patching $PATCHX = "ESXi70U3c-19193900" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #vmsa-2022-0004 "https://kb.vmware.com/s/article/76163" { $DETAILX = "configure TOOLS-15948996 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $PATCHX = "TOOLS-15948996" patching disconnect-viserver -confirm:$false } } #76163 "https://kb.vmware.com/s/article/76733" { $DETAILX = "configure ESXi670-202004002 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.7.*" { $PATCHX = "ESXi670-202004002" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #76733 "https://kb.vmware.com/s/article/2150794" { $DETAILX = "configure ESXi650-201907201-UG and ESXi670-201908201-UG ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = "ESXi650-201907201-UG" patching } #6.5.0 "6.7.*" { $PATCHX = "ESXi670-201908201-UG" patching } 
#6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #2150794 "https://kb.vmware.com/s/article/76613" { $DETAILX = "configure ESXi600-201911001, ESXi650-201911001, and ESXi670-201911001 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.0.*" { $PATCHX = "ESXi600-201911001" patching } #6.0.0 "6.5.*" { $PATCHX = "ESXi650-201911001" patching } #6.5.0 "6.7.*" { $PATCHX = "ESXi670-201911001" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #76613 "https://kb.vmware.com/s/article/1025757" { $DETAILX = "configure ESXi650-202107001, ESXi670-202103001, and ESXi70U2-17630552 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = "ESXi650-202107001" patching } #6.5.0 "6.7.*" { $PATCHX = "ESXi670-202103001" patching } #6.7.0 "7.0.*" { $PATCHX = "ESXi70U2-17630552" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #1025757 "https://kb.vmware.com/s/article/67129" { $DETAILX = "configure ESXi650-201907201-UG and ESXi670-201908201-UG ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = "ESXi650-201907201-UG" patching } #6.5.0 "6.7.*" { $PATCHX = "ESXi670-201908201-UG" patching } #6.7.0 } #switch-HOSTX #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839) disconnect-viserver -confirm:$false } } #67129 "https://kb.vmware.com/s/article/70737" { $DETAILX = "configure ESXi670-201908201-UG ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.7.*" { $PATCHX = "ESXi670-201908201-UG" patching } #6.7.0 } #switch-HOSTX #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839) 
disconnect-viserver -confirm:$false } } #70737 "https://kb.vmware.com/s/article/65207" { $DETAILX = "configure ESXi670-201908201-UG ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.7.*" { $PATCHX = "ESXi670-201908201-UG" patching } #6.7.0 "7.0.*" { $PATCHX = "ESXi70b-16324942" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #70813 "https://kb.vmware.com/s/article/80703" { $DETAILX = "configure ESXi70U1-16850804 and ESXi670-202103001 ESX Baselines (esx7 patch not availabe at them moment)" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "7.0.*" { $PATCHX = "ESXi70U1-16850804" patching } #6.5.* "6.7.*" { $PATCHX = "ESXi670-202103001" patching } #6.7.0 } #switch-HOSTX #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839) disconnect-viserver -confirm:$false } } #80703 "https://www.vmware.com/security/advisories/VMSA-2019-0022.html" { $DETAILX = "configure ESXi600-201912001, ESXi650-201912001, and ESXi670-201912001 ESX Baselines (DAS Fix and Workaround not availabe at them moment)" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.0.*" { $PATCHX = "ESXi600-201912001" patching } #6.0.* "6.5.*" { $PATCHX = "ESXi650-201912001" patching } #6.5.* "6.7.*" { $PATCHX = "ESXi670-201912001" patching } #6.7.0 } #switch-HOSTX #NOTE: INCOMPLETE - need DAS fix #NOTE: need Workaround disconnect-viserver -confirm:$false } } #VMSA-2019-0022 "https://www.vmware.com/security/advisories/VMSA-2020-0015.html" { $DETAILX = "configure ESXi650-202005401-SG, ESXi670-202004101-SG, and ESXi70b-16324942 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = 
"ESXi650-202005401-SG" patching } #6.5.* "6.7.*" { $PATCHX = "ESXi670-202004101-SG" patching } #6.7.0 "7.0.*" { $PATCHX = "ESXi70b-16324942" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #VMSA-2020-0015 "https://www.vmware.com/security/advisories/VMSA-2020-0023.html" { $DETAILX = "configure ESXi650-202011001, ESXi670-202011001, and ESXi70U1a-17119627 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = "ESXi650-202011001" patching } #6.5.* "6.7.*" { $PATCHX = "ESXi670-202011001" patching } #6.7.0 "7.0.*" { $PATCHX = "ESXi70U1a-17119627" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #VMSA-2020-0023 "https://kb.vmware.com/s/article/58715" { $DETAILX = "configure ESXi650-201810401-BG and ESXi670-201810401-BG ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = "ESXi650-201810401-BG" patching } #6.5.* "6.7.*" { $PATCHX = "ESXi670-201810401-BG" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #58715 "https://kb.vmware.com/s/article/67529" { $DETAILX = "configure ESXi650-201912002 and ESXi670-202103001 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.5.*" { $PATCHX = "ESXi650-201912002" patching } #6.5.* "6.7.*" { $PATCHX = "ESXi670-202103001" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #67529 "https://kb.vmware.com/s/article/81576" { $DETAILX = "configure ESXi70U1c-17325551 and ESXi670-202011002 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "7.0.*" { $PATCHX = "ESXi70U1c-17325551" patching } #7.0.* 
"6.7.0" { $PATCHX = "ESXi670-202011002" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #81576 "https://kb.vmware.com/s/article/79520" { #NOTE:config configs exist on vcenter $DETAILX = "configure config.task.timeout and config.vmomi.soapStubAdapter" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER tagset get-advancedsetting -entity $ESX -name "config.task.timeout" | set-advancedsetting -value "7200" -confirm:$false get-advancedsetting -entity $ESX -name "config.vmomi.soapStubAdapter.blockingTimeoutSeconds" | set-advancedsetting -value "18000" -confirm:$false disconnect-viserver -confirm:$false } } #79520 "https://kb.vmware.com/s/article/2144475" { #NOTE: ESX is really VM in this context #NOTE: VDI $DETAILX = "configure svga.enableScreenDMA" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER get-advancesetting -entity $ESX -name svga.enableScreenDMA | set-advancesetting -value TRUE -confirm:$false disconnect-viserver -confirm:$false } } #2144475 { ($_ -eq "https://kb.vmware.com/s/article/86069") -or ($_ -eq "https://kb.vmware.com/s/article/82498") -or ($_ -eq "https://kb.vmware.com/s/article/2150190") -or ($_ -eq "https://kb.vmware.com/s/article/76745") -or ($_ -eq "https://kb.vmware.com/s/article/76755") -or ($_ -eq "https://kb.vmware.com/s/article/83829") -or ($_ -eq "https://kb.vmware.com/s/article/83275") -or ($_ -eq "https://kb.vmware.com/s/article/81829") -or ($_ -eq "https://kb.vmware.com/s/article/83824") -or ($_ -eq "https://kb.vmware.com/s/article/55683") -or ($_ -eq "https://kb.vmware.com/s/article/52387") -or ($_ -eq "https://kb.vmware.com/s/article/82374")} { $DETAILX = "WARNING - Actual vCenter Patch Install" $confirmY = confirmX if ($confirmY -eq 'y') { vcenterpatch } } #86069 "https://kb.vmware.com/s/article/1003736*" { $file = checkfile . 
$file if ($NTPSERVER -eq $null) { $SAMPLENTP = select-string -path $file -pattern NTPSERVER if ($SAMPLENTP.Matches.Count -lt 1) { add-content $file '#NTPSERVER = "NEED-NTP-SERVER"' } write-host '' write-host "ERROR - cannot execute, please update NTPSERVER entry in $file" write-host '' } else { $DETAILX = "NTP SERVER used ($NTPSERVER)" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER tagset add-vmhostntpserver -vmhost $ESX -ntpserver $NTPSERVER get-vmhost -name $ESX | get-vmhostservice | where-object {$_.key -eq "ntpd" } | start-vmhostservice get-vmhost -name $ESX | get-vmhostservice | where-object {$_.key -eq "ntpd" } | set-vmhostservice -policy "automatic" disconnect-viserver -confirm:$false } } } #1003736 "https://kb.vmware.com/s/article/83517" { $DETAILX = "configure ESXi70U2c-18426014 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $PATCHX = "ESXi70U2c-18426014" patching disconnect-viserver -confirm:$false } } #83517 "https://kb.vmware.com/s/article/2147959" { $DETAILX = "configure ESXi600-Update03 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $PATCHX = "ESXi600-Update03" patching disconnect-viserver -confirm:$false } } #2147959 "https://kb.vmware.com/s/article/58874" { $DETAILX = "configure ESXi670-Update02 ESX Baseline" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $PATCHX = "ESXi670-Update02" patching disconnect-viserver -confirm:$false } } #58874 "https://kb.vmware.com/s/article/2150353" { $DETAILX = "configure ESXi600-201711001 and ESXi650-201712001 ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.0.*" { $PATCHX = "ESXi600-201711001" patching } #6.0.0 "6.5.*" { $PATCHX = "ESXi650-201712001" patching } #6.5.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #2150353 
"https://kb.vmware.com/s/article/2136430" { $DETAILX = "configure ESXi550-201608001 and ESXi600-201611401-BG ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "5.5.*" { $PATCHX = "ESXi550-201608001" patching } #5.5.* "6.0.*" { $PATCHX = "ESXi600-201611401-BG" patching } #6.0.* } #switch-HOSTX disconnect-viserver -confirm:$false } } #2136430 "https://kb.vmware.com/s/article/55650" { $DETAILX = "configure ESXi670-201811401-BG and ESXi650-201811401-BG ESX Baselines" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch -wildcard ( $HOSTX.Version ) { "6.7.*" { $PATCHX = "ESXi670-201811401-BG" patching } #6.7.* "6.5.*" { $PATCHX = "ESXi650-201811401-BG" patching } #6.5.0 } #switch-HOSTX disconnect-viserver -confirm:$false } } #55650 "https://kb.vmware.com/s/article/2003322" { $file = checkfile . $file if ($LOGDIR -eq $null) { $SAMPLELOGDIR = select-string -path $file -pattern LOGDIR if ( $SAMPLELOGDIR.Matches.Count -lt 1) { add-content $file '#LOGDIR = "NEED-LOG-DIR"' add-content $file '#LOGHOST = "NEED-LOG-HOST"' } write-host '' write-host "ERROR - cannot execute, please update LOGDIR and LOGHOST entries in $file" write-host '' } else { $DETAILX = "configure syslog.global.logdir, syslog.global.logdirunique, and syslog.global.hostHost" $confirmY = confirmX if ($confirmY -eq 'y') { connect-viserver -server $VCENTER tagset get-advancedsetting -entity $ESX -name "Syslog.global.logDir" | set-advancedsetting -value "[$LOGDIR] /" -confirm:$false get-advancedsetting -entity $ESX -name "Syslog.global.logDirUnique" | set-advancedsetting -value $true -confirm:$false get-advancedsetting -entity $ESX -name "Syslog.global.logHost" | set-advancedsetting -value "udp://$LOGHOST:514" -confirm:$false disconnect-viserver -confirm:$false } } } #2003322 default { '' 'ERROR - cannot execute, this KB fix has not been implimented 
yet. Will be added in the near future.'
            ''
          } #default-csvfile
        } #switch-CSVFILE
      } #import
    } #csv
    default {
      ''
      'USAGE: skyline-fixer ARG VARIABLE'
      ' kblist'
      ' csv Finding.csv (fix | workaround)'
      ''
      createsource
    } #default
  } #switch-OPTIONX
} #function

<#
.SYNOPSIS
  Runs one Skyline helper action selected by $CHOICE1.
.DESCRIPTION
  $CHOICE1 names the action. $CHOICE2..$CHOICE5 are positional values whose
  meaning depends on the action (server to connect to, host, role, principal,
  datastore, network, e-mail address). An unknown action prints the usage text.
  Every plink action logs in to $CHOICE2 as root and runs a fixed command.
  tagset, checkfile, createsource and the *install helpers are defined
  elsewhere in this module.
#>
function skyline-helper {
  [CmdletBinding()]
  param(
    [string]$CHOICE1,
    [string]$CHOICE2,
    [string]$CHOICE3,
    [string]$CHOICE4,
    [string]$CHOICE5
  )
  switch ( $CHOICE1 ) {
    prep-all {
      powercliinstall
      nsxinstall
      vropsinstall
    }
    create-role {
      # Creates role $CHOICE3 on server $CHOICE2 with the privilege ids listed below.
      connect-viserver -server $CHOICE2
      tagset
      new-virole -name $CHOICE3 -privilege (get-viprivilege -id global.diagnostics, global.health, global.licenses, global.settings, system.anonymous, system.view, system.read, storageviews.view)
      disconnect-viserver -confirm:$false
    }
    check-role {
      # Lists the privilege ids attached to role $CHOICE3.
      connect-viserver -server $CHOICE2
      tagset
      get-virole $CHOICE3 | get-viprivilege | select Id
      disconnect-viserver -confirm:$false
    }
    add-2-role {
      # Grants role $CHOICE4 to principal $CHOICE3 on the folder(s) returned by
      # get-folder -norecursion, with propagation to child objects enabled.
      connect-viserver -server $CHOICE2
      tagset
      new-vipermission -entity (get-folder -norecursion) -principal $CHOICE3 -role $CHOICE4 -propagate:$true
      disconnect-viserver -confirm:$false
    }
    check-account {
      connect-viserver -server $CHOICE2
      tagset
      get-vipermission -principal $CHOICE3
      disconnect-viserver -confirm:$false
    }
    stop-ssh {
      # Stops the TSM-SSH service on host $CHOICE3 without a confirmation prompt.
      connect-viserver -server $CHOICE2
      get-vmhost -name $CHOICE3 | get-vmhostservice | Where Key -EQ "TSM-SSH" | stop-vmhostservice -confirm:$false
      disconnect-viserver -confirm:$false
    }
    start-ssh {
      # Starts the TSM-SSH service on host $CHOICE3; nothing here stops it again,
      # so pair this with stop-ssh once the work is done.
      connect-viserver -server $CHOICE2
      get-vmhost -name $CHOICE3 | get-vmhostservice | Where Key -EQ "TSM-SSH" | start-vmhostservice -confirm:$false
      disconnect-viserver -confirm:$false
    }
    skyline-prep {
      # NOTE(review): the execution policy is bypassed for this process and the
      # Chocolatey installer is downloaded and executed in one step, with no hash
      # or signature check on what was downloaded. Consider fetching the script
      # to disk and verifying it against a pinned value before running it.
      Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
      choco feature enable -n=allowGlobalConfirmation
      choco install putty
      choco install curl
    }
    # The plink actions below run as root on $CHOICE2. -no-antispoof only removes
    # plink's anti-spoofing prompt; none of these calls pass -batch, so plink can
    # still stop for interactive prompts.
    check-update {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --check" }
    install-update {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --install latest --accepteula" }
    check-version {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli version --appliance" }
    nsx-prep { nsxinstall }
    reset-adminpw {
      # NOTE(review): cp leaves credentials.json in place and only adds a .old
      # copy; confirm that this is enough for the reset the message announces.
      plink -ssh root@$CHOICE2 -no-antispoof "cp /usr/local/skyline/ccf/config/generated/credentials.json /usr/local/skyline/ccf/config/generated/credentials.old"
      write-host ''
      write-host 'Please reboot skyline appliance now. The admin password is now "default"'
      write-host ''
    }
    check-autoupdate {
      # Counts the lines containing "false" in AutoUpdateConfig.json; a count of 0
      # is reported as Disabled. NOTE(review): confirm this mapping against the
      # file format, it reads as inverted if "false" marks a disabled setting.
      $AUTOUP = plink -ssh root@$CHOICE2 -no-antispoof "grep false /usr/local/skyline/ccf/config/generated/AutoUpdateConfig.json | wc -l"
      if ($AUTOUP -eq 0) {write-output "AutoUpdate: Disabled"} else {write-output "AutoUpdate: Enabled"}
    }
    check-proxy {
      # Counts the lines containing the character "0" in NetworkConfig.json; a
      # count of 0 is reported as proxy enabled. NOTE(review): "0" can match
      # ports, addresses or timestamps as well, so verify what this really tests.
      $PROXY = plink -ssh root@$CHOICE2 -no-antispoof "grep 0 /usr/local/skyline/ccf/config/generated/NetworkConfig.json | wc -l"
      if ($PROXY -eq 0) {write-output "Proxy: Enabled"} else {write-output "Proxy: Disabled"}
    }
    check-nsxaccount {
      connect-nsxserver -vCenterServer $CHOICE2
      get-nsxuserrole $CHOICE3
      disconnect-nsxserver -confirm:$false
    }
    vrops-prep { vropsinstall }
    check-vropsaccount {
      connect-omserver $CHOICE2
      get-omuser $CHOICE3
      disconnect-omserver -confirm:$false
    }
    skyline-vm-check {
      connect-viserver -server $CHOICE2
      tagset
      get-vm $CHOICE3
      disconnect-viserver -confirm:$false
    }
    skyline-vm-turnon {
      connect-viserver -server $CHOICE2
      tagset
      start-vm $CHOICE3
      disconnect-viserver -confirm:$false
    }
    powercli-prep { powercliinstall }
    ova-prep {
      # Dot-sources the settings file returned by checkfile, then appends
      # commented OVA placeholders to it when $OVAPATH is unset and the file does
      # not mention OVAPATH yet.
      $file = checkfile
      . $file
      if ($OVAPATH -eq $null) {
        $SAMPLEOVAPATH = select-string -path $file -pattern OVAPATH
        if ( $SAMPLEOVAPATH.Matches.Count -lt 1) {
          add-content $file '#OVAPATH = "NEED-OVA-PATH"'
          add-content $file '#OVANAME = "NEED-OVA-NAME"'
          add-content $file '#OVAIP = "NEED-OVA-IP"'
          add-content $file '#OVANETMASK = "NEED-OVA-NETMASK"'
          add-content $file '#OVADNS = "NEED-OVA-DNS"'
          add-content $file '#OVAGW = "NEED-OVA-GATEWAY"'
          # The appliance root password ends up in this settings file as plain
          # text, so keep the file readable by the operator account only.
          add-content $file '#OVAPASSWD = "NEED-OVA-PASSWORD"'
          write-host ''
          write-host "please update OVA entries in $file"
          write-host ''
        }
      }
    }
    ova-deploy {
      # Deploys the OVA at $OVAPATH to host $CHOICE3 / datastore $CHOICE4, mapped
      # to network $CHOICE5, using the OVA* values from the dot-sourced settings
      # file, then powers the VM on.
      $file = checkfile
      . $file
      if ($OVAPATH -ne $null) {
        connect-viserver -server $CHOICE2
        tagset
        $ovfConfig = Get-OvfConfiguration $OVAPATH
        $ovfConfig.NetworkMapping.Network_1.Value = $CHOICE5
        $ovfConfig.vami.VMware_Skyline_Appliance.gateway.value = $OVAGW
        $ovfConfig.vami.VMware_Skyline_Appliance.DNS.value = $OVADNS
        $ovfConfig.vami.VMware_Skyline_Appliance.ip0.value = $OVAIP
        $ovfConfig.vami.VMware_Skyline_Appliance.netmask0.value = $OVANETMASK
        # Root password of the new appliance, taken as-is from the settings file.
        $ovfConfig.Common.varoot_password.Value = $OVAPASSWD
        Import-VApp -source $OVAPATH -name $OVANAME -OvfConfiguration $ovfConfig -VMHost $CHOICE3 -datastore $CHOICE4 -diskstorageformat thin
        start-vm -vm $OVANAME -confirm:$false
        disconnect-viserver -confirm:$false
      } else {
        write-host ''
        write-host "ERROR - cannot execute, please update OVA entries in $file"
        write-host ''
      }
    }
    enable-start-docker {plink -ssh root@$CHOICE2 -no-antispoof "systemctl enable docker && systemctl start docker" }
    # The *-vcs* actions authenticate with $APITOKEN from the dot-sourced settings file.
    get-vcsusers {
      $file = checkfile
      . $file
      connect-vcs -apitoken $APITOKEN
      get-vcsuser
      disconnect-vcs -confirm:$false
    }
    check-vcsrole {
      $file = checkfile
      . $file
      connect-vcs -apitoken $APITOKEN
      get-vcsorganizationrole -user "$CHOICE2"
      disconnect-vcs -confirm:$false
    }
    new-invitation {
      # Invites e-mail address $CHOICE2 with the fixed role "organization member".
      $file = checkfile
      . $file
      connect-vcs -apitoken $APITOKEN
      new-vcsuserinvitation -email "$CHOICE2" -organizationrole "organization member"
      disconnect-vcs -confirm:$false
    }
    check-invitation {
      $file = checkfile
      .
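$file
      connect-vcs -apitoken $APITOKEN
      get-vcsuserinvitation
      disconnect-vcs -confirm:$false
    }
    remove-invitation {
      $file = checkfile
      . $file
      connect-vcs -apitoken $APITOKEN
      remove-vcsuserinvitation -invitation "$CHOICE2"
      disconnect-vcs -confirm:$false
    }
    remove-vcsuser {
      $file = checkfile
      . $file
      connect-vcs -apitoken $APITOKEN
      remove-vcsuser -user "$CHOICE2"
      disconnect-vcs -confirm:$false
    }
    backup-config {
      # Copies the appliance's generated config directory into a local directory
      # named after the appliance ($CHOICE2). An existing directory of that name
      # is first renamed to "<name>-OLD". The copy contains credentials.json, so
      # treat the backup directory as secret material.
      if (Test-Path -Path $CHOICE2) {
        rename-item $CHOICE2 -newname "$CHOICE2-OLD"
      }
      new-item -name $CHOICE2 -itemtype "directory"
      pscp -r root@"$CHOICE2":"/usr/local/skyline/ccf/config/generated" $CHOICE2
    }
    reset-config {
      # "&&" so the appliance reboots only when the move succeeded. A pipe would
      # start reboot alongside mv, whatever mv's result.
      plink -ssh root@$CHOICE2 -no-antispoof "mv /usr/local/skyline/ccf/config/generated /usr/local/skyline/ccf/config/generated.bak && reboot"
    }
    default {
      ''
      'USAGE: skyline-help.ps1 ARG VARIABLE'
      ' (client arg): [powercli-prep | prep-all]'
      ' (vcenter arg): [create-role | check-role | add-2-role | check-account]'
      ' (esx arg): [start-ssh | stop-ssh]'
      ' (skyline arg1): [ova-prep | ova-deploy | skyline-prep]'
      ' (skyline arg2): [check-update | install-update | check-version]'
      ' (skyline arg3): [check-autoupdate | check-proxy | backup-config | reset-config]'
      ' (skyline arg4): [skyline-vm-check | skyline-vm-turnon | reset-adminpw]'
      ' (nsx arg): [nsx-prep | check-nsxaccount]'
      ' (vrops arg): [vrops-prep | check-vropsaccount]'
      ' (docker arg): [enable-start-docker]'
      ' (advisor arg1): [get-vcsusers | remove-vcsuser | check-vcsrole]'
      ' (advisor arg2): [new-invitation | check-invitation | remove-invitation]'
      ''
      createsource
    }
  }
} #skyline-helper

<#
.SYNOPSIS
  Prepares, deploys and provisions the Docker-based Skyline host.
.DESCRIPTION
  $CHOICE1 selects the action:
    docker-prep     append commented DOCKER* placeholders to the settings file
    docker-deploy   deploy the OVA at $DOCKERPATH ($CHOICE2 = vCenter,
                    $CHOICE3 = host, $CHOICE4 = datastore, $CHOICE5 = network)
    docker-install  install Docker locally ($CHOICE2 = "self") or copy and run
                    the toolkit's install script on $CHOICE2 as root
    docker-salt / docker-sftp  run the install script on $CHOICE2 with
                    -install-salt / -install-sftp
  Any other value prints the usage text. checkfile, tagset and createsource are
  defined elsewhere in this module.
#>
function skyline-docker {
  [CmdletBinding()]
  param(
    [string]$CHOICE1,
    [string]$CHOICE2,
    [string]$CHOICE3,
    [string]$CHOICE4,
    [string]$CHOICE5
  )
  switch ( $CHOICE1 ) {
    docker-prep {
      $file = checkfile
      . $file
      if ($DOCKERPATH -eq $null) {
        $SAMPLEDOCKERPATH = select-string -path $file -pattern DOCKERPATH
        if ( $SAMPLEDOCKERPATH.Matches.Count -lt 1) {
          add-content $file '#DOCKERPATH = "NEED-OVA-PATH"'
          add-content $file '#DOCKERNAME = "NEED-OVA-NAME"'
          add-content $file '#DOCKERIP = "NEED-OVA-IP"'
          add-content $file '#DOCKERNETMASK = "NEED-OVA-NETMASK"'
          add-content $file '#DOCKERDNS = "NEED-OVA-DNS"'
          add-content $file '#DOCKERGW = "NEED-OVA-GATEWAY"'
          # The root password is kept in this settings file as plain text, so
          # restrict who can read the file.
          add-content $file '#DOCKERPASSWD = "NEED-OVA-PASSWORD"'
          write-host ''
          write-host "please update DOCKER entries in $file"
          write-host ''
        }
      }
    }
    docker-deploy {
      $file = checkfile
      . $file
      if ($DOCKERPATH -ne $null) {
        connect-viserver -server $CHOICE2
        tagset
        $dovfConfig = Get-OvfConfiguration $DOCKERPATH
        $dovfConfig.NetworkMapping.Network_1.Value = $CHOICE5
        $dovfConfig.vami.VMware_Skyline_Appliance.gateway.value = $DOCKERGW
        # DOCKERDNS is the name docker-prep writes to the settings file; the
        # misspelled $DOCKDERDNS was never set and left the DNS value empty.
        $dovfConfig.vami.VMware_Skyline_Appliance.DNS.value = $DOCKERDNS
        $dovfConfig.vami.VMware_Skyline_Appliance.ip0.value = $DOCKERIP
        $dovfConfig.vami.VMware_Skyline_Appliance.netmask0.value = $DOCKERNETMASK
        $dovfConfig.Common.varoot_password.Value = $DOCKERPASSWD
        # Import the same OVA the configuration was read from and the guard above
        # checks ($DOCKERPATH), not the unrelated $OVAPATH.
        Import-VApp -source $DOCKERPATH -name $DOCKERNAME -OvfConfiguration $dovfConfig -VMHost $CHOICE3 -datastore $CHOICE4 -diskstorageformat thin
        start-vm -vm $DOCKERNAME -confirm:$false
        disconnect-viserver -confirm:$false
      } else {
        write-host ''
        write-host "ERROR - cannot execute, please update DOCKER entries in $file"
        write-host ''
      }
    }
    docker-install {
      if ($CHOICE2 -eq "self") {
        mkdir /skyline
        tdnf install -y docker
        systemctl enable docker
        systemctl start docker
      } else {
        # Read-Host -AsSecureString already returns a SecureString, so no round
        # trip through ConvertFrom-/ConvertTo-SecureString is needed.
        $encrypted = read-host "Enter a Password" -AsSecureString
        $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encrypted)
        try {
          # PtrToStringBSTR honours the BSTR length prefix on every platform.
          $password = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        } finally {
          # Wipe and release the unmanaged plain-text copy.
          [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }
        $SATVER = (get-module SkylineAutomationToolkit).Version.tostring()
        write-output $SATVER
        # NOTE(review): -pw puts the root password on the command line of each
        # plink/pscp process, where local process listings and command-line
        # auditing can record it. Key-based authentication avoids that.
        plink -ssh root@$CHOICE2 -no-antispoof -batch -pw "$password" 'mkdir /skyline'
        pscp -pw "$password" "C:\Program Files\WindowsPowerShell\Modules\SkylineAutomationToolkit\$SATVER\SkylineAutomationToolkit-docker2.sh" root@"$CHOICE2":/skyline
        plink -ssh root@$CHOICE2 -no-antispoof -batch -pw "$password" 'chmod +x /skyline/SkylineAutomationToolkit-docker2.sh'
        plink -ssh root@$CHOICE2 -no-antispoof -batch -pw "$password" '/skyline/SkylineAutomationToolkit-docker2.sh -install'
      }
    }
    docker-salt {
      if ($CHOICE2 -eq "self") {
        write-output "...coming soon..."
      } else {
        plink -ssh root@$CHOICE2 -no-antispoof '/skyline/SkylineAutomationToolkit-docker2.sh -install-salt'
      }
    }
    docker-sftp {
      plink -ssh root@$CHOICE2 -no-antispoof '/skyline/SkylineAutomationToolkit-docker2.sh -install-sftp'
    }
    default {
      ''
      'USAGE: skyline-docker ARG VARIABLE'
      ' (arg1): [docker-prep | docker-deploy | docker-install] [self|hostname]'
      ' (arg2): [docker-salt | docker-sftp] [self|hostname]'
      ''
      createsource
    }
  }
} #skyline-docker

function skyline-comm {
  [CmdletBinding()]
  param(
    [string]$CHOICE1,
    [string]$CHOICE2,
    [string]$CHOICE3,
    [string]$CHOICE4,
    [string]$CHOICE5
  )
  switch ( $CHOICE1 ) {
    prep {
      $file = checkfile
      . $file
      if ($APITOKEN -eq $null) {
        $SAMPLEAPITOKEN = select-string -path $file -pattern APITOKEN
        if ( $SAMPLEAPITOKEN.Matches.Count -lt 1) {
          if (get-module -listavailable -name servicenow) {
            write-host "...ServiceNow has already been installed..."
          } else {
            install-module servicenow -force
            write-host "...install ServiceNow..."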
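}
          # First-run setup: append commented placeholders to the settings file and
          # write the default GraphQL query to skyline.json in the current directory.
          # The API and Slack tokens live in the settings file as plain text, so
          # restrict who can read it.
          $file2 = "skyline.json"
          add-content $file '#APITOKEN = "NEED-API-TOKEN"'
          add-content $file '#APITOKENSERVER = "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?grant_type=refresh_token"'
          add-content $file '#ACCESSSERVER = "https://skyline.vmware.com/public/api/data"'
          add-content $file '#SLACKTOKEN = "NEED-SLACK-TOKEN"'
          add-content $file '#SLACKCHANNEL = "NEED-SLACK-CHANNEL"'
          add-content $file '#SERVICENOWSERVER = "NEED-SERVICENOW-SERVER"'
          add-content $file '#SERVICENOWUSER = "NEED-SERVICENOW-USER"'
          add-content $file '#JIRASERVER = "NEED-JIRA-SERVER"'
          add-content $file2 '{ "query" : "'
          add-content $file2 '{'
          add-content $file2 ' activeFindings(limit: 200) {'
          add-content $file2 ' findings {'
          add-content $file2 ' findingId'
          add-content $file2 ' accountId'
          add-content $file2 ' findingDisplayName'
          add-content $file2 ' severity'
          add-content $file2 ' products'
          add-content $file2 ' findingDescription'
          add-content $file2 ' findingImpact'
          add-content $file2 ' recommendations'
          add-content $file2 ' kbLinkURLs'
          add-content $file2 ' recommendationsVCF'
          add-content $file2 ' kbLinkURLsVCF'
          add-content $file2 ' categoryName'
          add-content $file2 ' findingTypes'
          add-content $file2 ' firstObserved'
          add-content $file2 ' totalAffectedObjectsCount'
          add-content $file2 ' }'
          add-content $file2 ' totalRecords'
          add-content $file2 ' timeTaken'
          add-content $file2 ' }'
          add-content $file2 '}'
          add-content $file2 '"}'
          write-host ''
          write-host "please update API entries in $file"
          write-host ''
        }
      }
    }
    get-access-token {
      # Prints the bearer token to the output stream. It will appear in console
      # transcripts and in any log that captures this command's output.
      $MYTOKEN2 = getaccesstoken2
      write-output $MYTOKEN2
    }
    get-findings {
      # Each sub-action rewrites skyline.json with a GraphQL query, posts it to
      # $ACCESSSERVER with a fresh bearer token, then prints the result and
      # optionally forwards it (Slack, ServiceNow, Jira or a CSV file).
      # NOTE(review): $CHOICE3/$CHOICE4 are placed into the query text unescaped;
      # a value containing a quote or backslash changes the query that is sent.
      switch ($CHOICE2) {
        choice { #TESTING ONLY
          write-output "CHOICE1 = $CHOICE1"
          write-output "CHOICE2 = $CHOICE2"
          write-output "CHOICE3 = $CHOICE3"
          write-output "CHOICE4 = $CHOICE4"
          write-output "CHOICE5 = $CHOICE5"
        }
        list {
          # All active findings (id, products, affected-object count); $CHOICE3 = target.
          $file2 = "skyline.json"
          clear-content $file2
          add-content $file2 '{ "query" : "'
          add-content $file2 '{'
          add-content $file2 ' activeFindings(limit: 200) {'
          add-content $file2 ' findings {'
          add-content $file2 ' findingId'
          add-content $file2 ' products'
          add-content $file2 ' totalAffectedObjectsCount'
          add-content $file2 ' }'
          add-content $file2 ' }'
          add-content $file2 '}'
          add-content $file2 '"}'
          $file = checkfile
          . $file
          $MYTOKEN2 = getaccesstoken2
          $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -sessionvariable "SkylineAutomationToolkit" -infile skyline.json -ContentType "application/json"
          switch ($CHOICE3) {
            "send2slack" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileslack = "skyline-slack.csv"
              if (-not(Test-Path -Path $fileslack -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileslack -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileslack
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileslack $_ }
              send2slack
            }
            "send2servicenow" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileservicenow = "skyline-servicenow.csv"
              if (-not(Test-Path -Path $fileservicenow -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileservicenow -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileservicenow
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileservicenow $_ }
              send2servicenow
            }
            "send2jira" {
              write-output $FINDINGS.data.activeFindings.findings
              $filejira = "skyline-jira.csv"
              if (-not(Test-Path -Path $filejira -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filejira -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filejira
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $filejira $_ }
              send2jira
            }
            "send2csv" {
              write-output $FINDINGS.data.activeFindings.findings
              $filecsv = "skyline-getfinding-list.csv"
              if (-not(Test-Path -Path $filecsv -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filecsv -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filecsv
              $FINDINGS.data.activeFindings.findings | select findingId, @{name="products"; expression={$_.products}}, totalAffectedObjectsCount | export-csv $filecsv -notypeinformation
            }
            default { write-output $FINDINGS.data.activeFindings.findings }
          }
        }
        detail {
          # One finding ($CHOICE3) for one product ($CHOICE4) with its affected
          # objects; $CHOICE5 = target.
          $file2 = "skyline.json"
          clear-content $file2
          add-content $file2 '{ "query" : "'
          add-content $file2 '{'
          add-content $file2 ' activeFindings('
          add-content $file2 ' filter: {'
          add-content $file2 " findingId: `\`"$CHOICE3`\`","
          add-content $file2 " product: `\`"$CHOICE4`\`""
          add-content $file2 ' }'
          add-content $file2 ' limit: 200) {'
          add-content $file2 ' findings {'
          add-content $file2 ' findingId'
          add-content $file2 ' accountId'
          add-content $file2 ' findingDisplayName'
          add-content $file2 ' severity'
          add-content $file2 ' products'
          add-content $file2 ' findingDescription'
          add-content $file2 ' findingImpact'
          add-content $file2 ' recommendations'
          add-content $file2 ' kbLinkURLs'
          add-content $file2 ' recommendationsVCF'
          add-content $file2 ' kbLinkURLsVCF'
          add-content $file2 ' categoryName'
          add-content $file2 ' findingTypes'
          add-content $file2 ' firstObserved'
          add-content $file2 ' totalAffectedObjectsCount'
          add-content $file2 ' affectedObjects(start: 0, limit: 200) {'
          add-content $file2 ' sourceName'
          add-content $file2 ' objectName'
          add-content $file2 ' }'
          add-content $file2 ' }'
          add-content $file2 ' totalRecords'
          add-content $file2 ' timeTaken'
          add-content $file2 ' }'
          add-content $file2 '}'
          add-content $file2 '"}'
          $file = checkfile
          . $file
          $MYTOKEN2 = getaccesstoken2
          $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -sessionvariable "SkylineAutomationToolkit" -infile skyline.json -ContentType "application/json"
          switch ($CHOICE5) {
            "send2slack" {
              # A doubled "write-output" here used to emit the literal text
              # "write-output" ahead of the objects.
              write-output $FINDINGS.data.activeFindings.findings.affectedObjects
              $fileslack = "skyline-slack.csv"
              if (-not(Test-Path -Path $fileslack -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileslack -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileslack
              $FINDINGS.data.activeFindings.findings.affectedObjects | foreach-object { add-content $fileslack $_ }
              send2slack
            }
            "send2servicenow" {
              write-output $FINDINGS.data.activeFindings.findings.affectedObjects
              $fileservicenow = "skyline-servicenow.csv"
              if (-not(Test-Path -Path $fileservicenow -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileservicenow -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileservicenow
              $FINDINGS.data.activeFindings.findings.affectedObjects | foreach-object { add-content $fileservicenow $_ }
              send2servicenow
            }
            "send2jira" {
              # NOTE(review): prints the findings but writes affectedObjects to
              # the Jira file, unlike the sibling targets; confirm this is intended.
              write-output $FINDINGS.data.activeFindings.findings
              $filejira = "skyline-jira.csv"
              if (-not(Test-Path -Path $filejira -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filejira -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filejira
              $FINDINGS.data.activeFindings.findings.affectedObjects | foreach-object { add-content $filejira $_ }
              send2jira
            }
            "send2csv" {
              write-output $FINDINGS.data.activeFindings.findings.affectedObjects
              $filecsv = "skyline-getfinding-details.csv"
              if (-not(Test-Path -Path $filecsv -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filecsv -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filecsv
              $FINDINGS.data.activeFindings.findings.affectedObjects | select sourceName, objectName | export-csv $filecsv -notypeinformation
            }
            default {
              write-output $FINDINGS.data.activeFindings.findings.affectedObjects
            }
          }
        }
        category {
          # Findings filtered by categoryName ($CHOICE3); $CHOICE4 = target.
          $file2 = "skyline.json"
          clear-content $file2
          add-content $file2 '{ "query" : "'
          add-content $file2 '{'
          add-content $file2 ' activeFindings('
          add-content $file2 ' filter: {'
          add-content $file2 " categoryName: [$CHOICE3]"
          add-content $file2 ' }'
          add-content $file2 ' limit: 200)'
          add-content $file2 '{'
          add-content $file2 ' findings {'
          add-content $file2 ' findingId'
          add-content $file2 ' products'
          add-content $file2 ' totalAffectedObjectsCount'
          add-content $file2 ' }'
          add-content $file2 ' }'
          add-content $file2 '}'
          add-content $file2 '"}'
          $file = checkfile
          . $file
          $MYTOKEN2 = getaccesstoken2
          $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -sessionvariable "SkylineAutomationToolkit" -infile skyline.json -ContentType "application/json"
          switch ($CHOICE4) {
            "send2slack" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileslack = "skyline-slack.csv"
              if (-not(Test-Path -Path $fileslack -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileslack -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileslack
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileslack $_ }
              send2slack
            }
            "send2servicenow" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileservicenow = "skyline-servicenow.csv"
              if (-not(Test-Path -Path $fileservicenow -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileservicenow -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileservicenow
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileservicenow $_ }
              send2servicenow
            }
            "send2jira" {
              write-output $FINDINGS.data.activeFindings.findings
              $filejira = "skyline-jira.csv"
              if (-not(Test-Path -Path $filejira -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filejira -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filejira
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $filejira $_ }
              send2jira
            }
            "send2csv" {
              write-output $FINDINGS.data.activeFindings.findings
              $filecsv = "skyline-getfinding-category.csv"
              if (-not(Test-Path -Path $filecsv -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filecsv -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filecsv
              $FINDINGS.data.activeFindings.findings | select findingId, @{name="products"; expression={$_.products}}, totalAffectedObjectsCount | export-csv $filecsv -notypeinformation
            }
            default { write-output $FINDINGS.data.activeFindings.findings }
          }
        }
        type {
          # Findings filtered by findingTypes ($CHOICE3); $CHOICE4 = target.
          $file2 = "skyline.json"
          clear-content $file2
          add-content $file2 '{ "query" : "'
          add-content $file2 '{'
          add-content $file2 ' activeFindings('
          add-content $file2 ' filter: {'
          add-content $file2 " findingTypes: [$CHOICE3]"
          add-content $file2 ' }'
          add-content $file2 ' limit: 200)'
          add-content $file2 '{'
          add-content $file2 ' findings {'
          add-content $file2 ' findingId'
          add-content $file2 ' products'
          add-content $file2 ' totalAffectedObjectsCount'
          add-content $file2 ' }'
          add-content $file2 ' }'
          add-content $file2 '}'
          add-content $file2 '"}'
          $file = checkfile
          . $file
          $MYTOKEN2 = getaccesstoken2
          $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -sessionvariable "SkylineAutomationToolkit" -infile skyline.json -ContentType "application/json"
          switch ($CHOICE4) {
            "send2slack" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileslack = "skyline-slack.csv"
              if (-not(Test-Path -Path $fileslack -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileslack -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileslack
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileslack $_ }
              send2slack
            }
            "send2servicenow" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileservicenow = "skyline-servicenow.csv"
              if (-not(Test-Path -Path $fileservicenow -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileservicenow -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileservicenow
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileservicenow $_ }
              send2servicenow
            }
            "send2jira" {
              write-output $FINDINGS.data.activeFindings.findings
              $filejira = "skyline-jira.csv"
              if (-not(Test-Path -Path $filejira -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filejira -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filejira
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $filejira $_ }
              send2jira
            }
            "send2csv" {
              write-output $FINDINGS.data.activeFindings.findings
              $filecsv = "skyline-getfinding-type.csv"
              if (-not(Test-Path -Path $filecsv -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filecsv -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filecsv
              $FINDINGS.data.activeFindings.findings | select findingId, @{name="products"; expression={$_.products}}, totalAffectedObjectsCount | export-csv $filecsv -notypeinformation
            }
            default { write-output $FINDINGS.data.activeFindings.findings }
          }
        }
        severity {
          # Findings filtered by severity ($CHOICE3); $CHOICE4 = target.
          $file2 = "skyline.json"
          clear-content $file2
          add-content $file2 '{ "query" : "'
          add-content $file2 '{'
          add-content $file2 ' activeFindings('
          add-content $file2 ' filter: {'
          add-content $file2 " severity: [$CHOICE3]"
          add-content $file2 ' }'
          add-content $file2 ' limit: 200)'
          add-content $file2 '{'
          add-content $file2 ' findings {'
          add-content $file2 ' findingId'
          add-content $file2 ' products'
          add-content $file2 ' totalAffectedObjectsCount'
          add-content $file2 ' }'
          add-content $file2 ' }'
          add-content $file2 '}'
          add-content $file2 '"}'
          $file = checkfile
          . $file
          $MYTOKEN2 = getaccesstoken2
          $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -sessionvariable "SkylineAutomationToolkit" -infile skyline.json -ContentType "application/json"
          switch ($CHOICE4) {
            "send2slack" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileslack = "skyline-slack.csv"
              if (-not(Test-Path -Path $fileslack -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileslack -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileslack
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileslack $_ }
              send2slack
            }
            "send2servicenow" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileservicenow = "skyline-servicenow.csv"
              if (-not(Test-Path -Path $fileservicenow -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileservicenow -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileservicenow
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileservicenow $_ }
              send2servicenow
            }
            "send2jira" {
              write-output $FINDINGS.data.activeFindings.findings
              $filejira = "skyline-jira.csv"
              if (-not(Test-Path -Path $filejira -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filejira -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filejira
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $filejira $_ }
              send2jira
            }
            "send2csv" {
              write-output $FINDINGS.data.activeFindings.findings
              $filecsv = "skyline-getfinding-severity.csv"
              if (-not(Test-Path -Path $filecsv -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filecsv -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filecsv
              $FINDINGS.data.activeFindings.findings | select findingId, @{name="products"; expression={$_.products}}, totalAffectedObjectsCount | export-csv $filecsv -notypeinformation
            }
            default { write-output $FINDINGS.data.activeFindings.findings }
          }
        }
        custom {
          # Posts whatever query skyline.json currently holds; $CHOICE3 = target.
          $file = checkfile
          . $file
          $MYTOKEN2 = getaccesstoken2
          $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -sessionvariable "SkylineAutomationToolkit" -infile skyline.json -ContentType "application/json"
          switch ($CHOICE3) {
            "send2slack" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileslack = "skyline-slack.csv"
              if (-not(Test-Path -Path $fileslack -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileslack -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileslack
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileslack $_ }
              send2slack
            }
            "send2servicenow" {
              write-output $FINDINGS.data.activeFindings.findings
              $fileservicenow = "skyline-servicenow.csv"
              if (-not(Test-Path -Path $fileservicenow -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $fileservicenow -Force -ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $fileservicenow
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $fileservicenow $_ }
              send2servicenow
            }
            "send2jira" {
              write-output $FINDINGS.data.activeFindings.findings
              $filejira = "skyline-jira.csv"
              if (-not(Test-Path -Path $filejira -PathType Leaf)) {
                try { $null = New-Item -ItemType File -Path $filejira -Force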
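-ErrorAction Stop }
                catch { throw $_.Exception.Message }
              }
              clear-content $filejira
              $FINDINGS.data.activeFindings.findings | foreach-object { add-content $filejira $_ }
              send2jira
            }
            default { write-output $FINDINGS.data.activeFindings.findings }
          }
        }
        default {
          ''
          'USAGE: skyline-comm get-findings VARIABLE'
          ' (arg1): [get-findings list] [send2slack|send2servicenow|send2jira|send2csv]'
          ' (arg2): [get-findings detail findingid source] [send2slack|send2servicenow|send2jira|send2csv]'
          ' (arg3): [get-findings custom] [send2slack|send2servicenow|send2jira]'
          ' (arg4): [get-findings category SECURITY|NETWORK|COMPUTE|STORAGE] [send2slack|send2servicenow|send2jira|send2csv]'
          ' (arg5): [get-findings type CONFIGURATION|UPGRADE] [send2slack|send2servicenow|send2jira|send2csv]'
          ' (arg6): [get-findings severity CRITICAL|MODERATE|TRIVIAL] [send2slack|send2servicenow|send2jira|send2csv]'
          ''
          createsource
        }
      }
    }
    default {
      ''
      'USAGE: skyline-comm ARG VARIABLE'
      ' (arg1): [prep]'
      ' (arg2): [get-access-token]'
      ' (arg3): [get-findings list] [send2slack|send2servicenow|send2jira|send2csv]'
      ' (arg4): [get-findings detail findingid source] [send2slack|send2servicenow|send2jira|send2csv]'
      ' (arg5): [get-findings custom] [send2slack|send2servicenow|send2jira]'
      ' (arg6): [get-findings category SECURITY|NETWORK|COMPUTE|STORAGE] [send2slack|send2servicenow|send2jira|send2csv]'
      ' (arg7): [get-findings type CONFIGURATION|UPGRADE] [send2slack|send2servicenow|send2jira|send2csv]'
      ' (arg8): [get-findings severity CRITICAL|MODERATE|TRIVIAL] [send2slack|send2servicenow|send2jira|send2csv]'
      ''
      createsource
    }
  }
} #skyline-comm

<#
.SYNOPSIS
  Applies SSH and password hardening settings to the appliance at $CHOICE2.
.DESCRIPTION
  $CHOICE1 selects the action:
    set-ssh     prompt for a password, then call the module's security helper
                once per SSH setting listed below
    set-passwd  change PASS_MAX_DAYS in /etc/login.defs and enable password
                history through pam_pwhistory, over plink as root
  Any other value prints the usage text. security and createsource are defined
  elsewhere in this module.
#>
function skyline-sec {
  [CmdletBinding()]
  param(
    [string]$CHOICE1,
    [string]$CHOICE2
  )
  switch ( $CHOICE1 ) {
    set-ssh {
      write-output "starting to set SSH settings on $CHOICE2..."
      # Read-Host -AsSecureString already returns a SecureString, so no round
      # trip through ConvertFrom-/ConvertTo-SecureString is needed.
      $encrypted = read-host "Enter a Password" -AsSecureString
      $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encrypted)
      try {
        # PtrToStringBSTR honours the BSTR length prefix on every platform.
        $password = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
      } finally {
        # Wipe and release the unmanaged plain-text copy.
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
      }
      # Setting name, value and the finding id each one addresses, applied in
      # this order.
      $sshSettings = @(
        @('MaxAuthTries', '2'),              # V-239165
        @('IgnoreUserKnownHosts', 'yes'),    # V-239164
        @('Compression', 'no'),              # V-239161
        @('PermitEmptyPasswords', 'no'),     # V-239160
        @('IgnoreRhosts', 'yes'),            # V-239163
        @('PrintLastLog', 'yes'),            # V-239162
        @('PermitUserEnvironment', 'no'),    # V-239155
        @('X11Forwarding', 'no'),            # V-239156
        @('StrictModes', 'yes'),             # V-239157
        @('KerberosAuthentication', 'no')    # V-239158
      )
      # security takes no arguments; it presumably reads $SERVERX, $SEC1, $SEC2
      # and $password from this scope, so those names must stay as they are.
      $SERVERX = $CHOICE2
      try {
        foreach ($setting in $sshSettings) {
          $SEC1 = $setting[0]
          $SEC2 = $setting[1]
          security
        }
      } finally {
        # Drop the plain-text password as soon as the last call has returned.
        $password = $null
      }
      write-output "...complete set SSH settings on $CHOICE2"
    }
    set-passwd {
      write-output "starting to set password settings on $CHOICE2..."
      write-output "...set 90 Days Max Lifetime..."
      # NOTE(review): the pattern matches only the literal text
      # "PASS_MAX_DAYS 60" with a single space. A file that uses tabs, several
      # spaces or another current value is left unchanged, without any error.
      plink root@$CHOICE2 -no-antispoof "sed -i s/'PASS_MAX_DAYS 60'/'PASS_MAX_DAYS 90'/g /etc/login.defs"
      write-output "...set password history..."
      # Append the pam_pwhistory line only when that exact line is not present
      # yet, so repeated runs do not pile up duplicate PAM entries.
      $pamLine = 'password required pam_pwhistory.so enforce_for_root use_authtok remember=5 retry=3'
      plink root@$CHOICE2 -no-antispoof "touch /etc/security/opasswd; chown root:root /etc/security/opasswd; chmod 0600 /etc/security/opasswd; grep -qxF '$pamLine' /etc/pam.d/system-password || echo '$pamLine' >> /etc/pam.d/system-password"
      write-output "...complete set password settings on $CHOICE2"
    }
    default {
      ''
      'USAGE: skyline-sec ARG VARIABLE'
      ' (arg1): [set-ssh]'
      ' (arg2): [set-passwd]'
      ''
      createsource
    } #set-logging, set-config
  }
} #skyline-sec

Export-ModuleMember -Function 'skyline-fixer', 'skyline-helper', 'skyline-docker', 'skyline-comm', 'skyline-sec'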