I've tried, but have been unable to make this script into a report. Here's the script I would like to make into a report:
foreach ($VMHost in Get-VMHost){
$esx = Get-View -Id $VMHost.id
foreach($vSwitch in $esx.Config.Network.Vswitch){
Write-Host $vSwitch.Name
Write-Host "`tmac changes:" $vSwitch.Spec.Policy.Security.macChanges
Write-Host "`tForged transmits:" $vSwitch.Spec.Policy.Security.ForgedTransmits
}
}
I'd like to also add the esx host name into the output. I'd like the output to take this format if possible:
esxservername,mac changes,forged transmits
I was looking at this script as sort of a template, but when I went to replace parts of the script it just wasn't working correctly. This script is for VM information, but I am looking for the above script to be put into this type of report format. Or am I wrong in that the above script is only good for just displaying out to the screen when launched in PowerCLI?
$report = foreach($vm in (Get-VM | where {$_.PowerState -eq "PoweredOn" })){
Get-NetworkAdapter -VM $vm | `
Select @{N="VMname";E={$vm.Name}},
@{N="MAC address";E={$_.MacAddress}}
}
$report | Export-Csv ".\output.csv" -NoTypeInformation -UseCulture
Thanks in advance for any help.
Hi Mark,
The next script will give you the desired report:
Get-View -ViewType HostSystem | ForEach-Object {
  $VMHostView = $_
  $VMHostView.Config.Network.vSwitch | ForEach-Object {
    $Report = "" | Select-Object -Property VMHost,vSwitch,"MAC Changes","Forged Transmits"
    $Report.VMHost = $VMHostView.Name
    $Report.vSwitch = $_.Name
    $Report."MAC Changes" = $_.Spec.Policy.Security.macChanges
    $Report."Forged Transmits" = $_.Spec.Policy.Security.ForgedTransmits
    $Report
  }
}
Regards, Robert
Thank you.
Can you please add in a where statement causing the script to only report on "False" settings for these?
$Report."MAC Changes" = $_.Spec.Policy.Security.macChanges
$Report."Forged Transmits" = $_.Spec.Policy.Security.ForgedTransmits
Sure, try this.
Get-View -ViewType HostSystem | ForEach-Object {
  $VMHostView = $_
  $VMHostView.Config.Network.vSwitch | `
  where {!$_.Spec.Policy.Security.macChanges -or !$_.Spec.Policy.Security.ForgedTransmits} | `
  ForEach-Object {
    $Report = "" | Select-Object -Property VMHost,vSwitch,"MAC Changes","Forged Transmits"
    $Report.VMHost = $VMHostView.Name
    $Report.vSwitch = $_.Name
    $Report."MAC Changes" = $_.Spec.Policy.Security.macChanges
    $Report."Forged Transmits" = $_.Spec.Policy.Security.ForgedTransmits
    $Report
  }
}
If both should be $false, replace the -or in the where-clause with an -and
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Worked great. I am curious about this part of the script as I don't see explicit values noted (ie, "False" or "True").
where {!$_.Spec.Policy.Security.macChanges -or !$_.Spec.Policy.Security.ForgedTransmits}
Trying to figure out where the "False" identification is requested. Does it have to do with the "!"?
Thanks again.
The exclamation mark is the Boolean NOT operator in PS.
So the statement says: where MacChanges is not true or where ForgedTransmits is not true.
In other words: where MacChanges is false or where ForgedTransmits is false.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
ok, so it is the same as this?
where {$_.Spec.Policy.Security.macChanges -eq "False" -or $_.Spec.Policy.Security.ForgedTransmits -eq "False"}
what would be the way to change out True for False?
Thanks
Not really.
In fact that is an interesting example, the value "False" that you use to compare is a string.
PowerShell casts this automatically for you to a Boolean value. But it will not be what you expected, it will be the Boolean value $true.
Another example, you can write
where {$_.Spec.Policy.Security.macChanges -ne "whatever" -or $_.Spec.Policy.Security.ForgedTransmits -ne "whatever"}
Confusing? Yes, but it shows the way PS casts a string to a Boolean.
Any non-empty string will be cast to $true!
So
where {$_.Spec.Policy.Security.macChanges -eq "False" -or $_.Spec.Policy.Security.ForgedTransmits -eq "False"}
will in fact translate, after the cast, to this
where {$_.Spec.Policy.Security.macChanges -eq $true -or $_.Spec.Policy.Security.ForgedTransmits -eq $true}
It's not the content of the string that is cast, it's whether the string is empty or not.
This will work
where {$_.Spec.Policy.Security.macChanges -eq "" -or $_.Spec.Policy.Security.ForgedTransmits -eq ""}
since it translates to
where {$_.Spec.Policy.Security.macChanges -eq $false -or $_.Spec.Policy.Security.ForgedTransmits -eq $false}
Don't you just love the flexibility and intelligence of PowerShell
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
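The cast behaviour described in the post above, shown as an added example that is not part of the original thread. It goes one step further than the thread by also running the three filter styles against the report after a CSV round trip (the opening question exports with Export-Csv), where every value is a string. The host names are constructed sample data, and ConvertTo-PolicyBool and Select-AnyFalse are hypothetical helper names.

```powershell
# Constructed sample rows shaped like the report objects in this thread (not real hosts).
$live = @(
    [pscustomobject]@{ VMHost='esx01.example'; vSwitch='vSwitch0'; MacChanges=$true;  ForgedTransmits=$true  }
    [pscustomobject]@{ VMHost='esx01.example'; vSwitch='vSwitch1'; MacChanges=$false; ForgedTransmits=$false }
    [pscustomobject]@{ VMHost='esx02.example'; vSwitch='vSwitch0'; MacChanges=$true;  ForgedTransmits=$false }
)
# The same rows after a CSV round trip: every value is now a string ("True"/"False").
$fromCsv = $live | ConvertTo-Csv -NoTypeInformation | ConvertFrom-Csv

# Hypothetical helper: accept a Boolean or the strings "True"/"False", return a real Boolean.
function ConvertTo-PolicyBool {
    param($Value)
    if ($Value -is [bool]) { return $Value }
    return [bool]::Parse([string]$Value)   # throws on anything other than True/False
}

# Hypothetical helper: rows where at least one of the two settings is false.
function Select-AnyFalse {
    param([object[]]$Rows)
    $Rows | Where-Object {
        $mac    = ConvertTo-PolicyBool $_.MacChanges
        $forged = ConvertTo-PolicyBool $_.ForgedTransmits
        (-not $mac) -or (-not $forged)
    }
}

# The three filter styles discussed in the thread.
$filters = [ordered]@{
    '-eq "False"' = { $_.MacChanges -eq "False" -or $_.ForgedTransmits -eq "False" }
    '-eq $false'  = { $_.MacChanges -eq $false  -or $_.ForgedTransmits -eq $false }
    '! operator'  = { !$_.MacChanges -or !$_.ForgedTransmits }
}
$sets = @(
    @{ Label = 'live Booleans'; Rows = $live },
    @{ Label = 'CSV strings';   Rows = $fromCsv }
)
foreach ($set in $sets) {
    foreach ($name in $filters.Keys) {
        $f   = $filters[$name]
        $hit = @($set.Rows | Where-Object $f | ForEach-Object { "$($_.VMHost)/$($_.vSwitch)" })
        '{0,-13} {1,-12}: {2}' -f $set.Label, $name, ($hit -join ', ')
    }
    # The normalising helper is applied to the same rows for comparison.
    $ok = @(Select-AnyFalse $set.Rows | ForEach-Object { "$($_.VMHost)/$($_.vSwitch)" })
    '{0,-13} {1,-12}: {2}' -f $set.Label, 'normalised', ($ok -join ', ')
}
```

On the live Boolean objects the `-eq "False"` filter returns the rows that contain a true value instead of a false one, and on the CSV strings the `!` filter returns nothing; only the normalising helper selects the same rows for both inputs.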
Ah. I get it now. But, I am not even going to ask why this one works differently.
Get-VM | ForEach-Object {Get-View $_.ID} | Where-Object { $_.Config.Version -eq "vmx-04" } | Where-Object { $_.guest.gueststate -eq "running" } | ForEach-Object {Write-Host $_.Name","$_.guest.guestfamily }
Appreciate the time.
Short explanation, the left operand ($_.Config.Version) is a string, and so is the right operand, no cast needed.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
It's becoming clearer. Thanks again.
Great script Lucd, I'm learning a lot here! Is there any way we can search a specific Cluster for forged transmits and mac changes using this script?
Sure you can.
You could limit the ESX(i) hosts that are returned to just those that are part of a specific cluster.
The first line would then become
$cluster = Get-Cluster -Name MyCluster
Get-View -ViewType HostSystem -Filter @{"Parent"=$cluster.ExtensionData.MoRef.Value}
Is that what you were looking for?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That did it! Thanks!!!!
To modify these settings to meet the vSphere Security Hardening guide, is it possible to leverage the above script? This line would edit the object but probably needs to overwrite the actual object setting.
$_.Spec.Policy.Security.macChanges = "Reject"
I'm afraid that changing the settings will not work like that.
You will have to call the UpdateVirtualSwitch method with a HostVirtualSwitchSpec object as argument.
See the Script to Change vSwitch Security Settings thread for an example.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference