VMware Cloud Community
fdo_works
Contributor

PowerShell script to browse the root of an ESXi host???

I am currently working on a project to automate tasks to bring our VMware environment up to STIG standard.

I was able to do most of the tasks using PowerCLI and vSphereCLI scripts. Some of the fixes require you to check the data for files like /etc/ssh/ssh_config... I tried using vifs.pl, but that does not allow you to browse the host root directories. I also tried to research how to run SSH commands via PowerShell, but there is no free utility. Is there any other way to accomplish this?

0 Kudos
3 Replies
markdjones82
Expert

This KB is for copying files, but it should allow you to browse the directory. Are you just wanting to get the file size or something?

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200104...

You might also want to post this directly in the PowerCLI forum, as that is where the experts in that area post.

VMware vSphere™ PowerCLI

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
0 Kudos
fdo_works
Contributor

I think that command only allows me to check on files on the datastore. Here is one example:

Rule Title:  The SSH client must not send environment variables to the server or must only send those pertaining to locale.

STIG ID: GEN005529-ESXI5-708  Rule ID: SV-51085r1_rule  Vuln ID: V-39269

Severity: CAT II Class: Unclass

Discussion:
Environment variables can be used to change the behavior of remote sessions and should be limited. Locale environment variables specify the language, character set, and other features modifying the operation of software to match the user's preferences.

Documentable: No

Check Content:
Disable lock down mode.
Enable the ESXi Shell.
<file> = /etc/ssh/ssh_config
<required_keyword> = AcceptEnv
<required_keyword_setpoint> = LOCALE
Execute the following command(s):
# grep AcceptEnv /etc/ssh/ssh_config

If "AcceptEnv" is not set to "LOCALE" this is a finding.

Re-enable lock down mode.

Fix Text:
Disable lock down mode.
Enable the ESXi Shell.
<file> = /etc/ssh/ssh_config
<required_keyword> = AcceptEnv
<required_keyword_setpoint> = LOCALE
Execute the following command(s):
# vi <file>

Add/modify the <required_keyword> and/or <required_keyword_setpoint> where/as required to "LOCALE".

Re-enable lock down mode.

CCI: CCI-000366
NIST SP 800-53A :: CM-6.1 (iv)
NIST SP 800-53 :: CM-6 b

I need to be able to browse to the /etc/ssh/ssh_config file and check if certain conditions apply. The datastore and the /host folder are the only two locations that can be accessed via PowerShell or vCLI.

Thanks. I didn't see the PowerCLI forum...

0 Kudos
fdo_works
Contributor

https://communities.vmware.com/message/2303744

Found the answer to my problem: use an application called plink.exe to connect to the ESXi host.

0 Kudos
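
One way to evaluate the check quoted in the thread from PowerShell once the contents of /etc/ssh/ssh_config have been retrieved (for example with plink.exe, as in the answer above). This is an added example, not code from the thread or from VMware; the function name `Test-SshConfigKeyword`, its parameters and the sample lines are hypothetical and constructed for illustration. Unlike a bare `grep`, it ignores commented-out directives.

```powershell
# Added example: evaluates "keyword must be set to setpoint" against ssh_config text.
# Function and parameter names are hypothetical, not part of PowerCLI or plink.
function Test-SshConfigKeyword {
    [CmdletBinding()]
    param(
        [string[]]$ConfigLines,
        [string]$Keyword  = 'AcceptEnv',   # <required_keyword> from the quoted check
        [string]$Setpoint = 'LOCALE'       # <required_keyword_setpoint> from the quoted check
    )
    # Directives are "Keyword value" or "Keyword=value"; -match is case-insensitive,
    # which suits ssh_config keywords.
    $pattern = '^\s*' + [regex]::Escape($Keyword) + '(\s*=\s*|\s+)(?<value>.+?)\s*$'
    $values = @(foreach ($line in $ConfigLines) {
        if ($line -match '^\s*(#|$)') { continue }   # skip comments and blank lines
        if ($line -match $pattern) { $Matches['value'] }
    })
    # The value is compared exactly (case-sensitive) with the setpoint.
    $bad = @($values | Where-Object { $_ -cne $Setpoint })
    [pscustomobject]@{
        Keyword = $Keyword
        Values  = $values
        # Finding if the keyword is not set at all or any active line differs.
        Finding = ($values.Count -eq 0) -or ($bad.Count -gt 0)
    }
}

# Constructed sample inputs (not taken from a real host).
$compliant = @('# constructed sample', 'Host *', '    AcceptEnv LOCALE')
$commented = @('Host *', '#AcceptEnv LOCALE')        # grep matches this; it is inactive
$wrong     = @('Host *', 'AcceptEnv LANG LC_*')

foreach ($sample in $compliant, $commented, $wrong) {
    Test-SshConfigKeyword -ConfigLines $sample | Format-List
}

# Against a real host the lines would come from plink.exe (placeholders, not run here).
# -batch suppresses interactive prompts, so key-based authentication is assumed;
# -hostkey pins the expected host key instead of accepting whatever is offered.
# $lines = & plink.exe -ssh -batch -hostkey '<host-key-fingerprint>' 'root@<esxi-host>' 'cat /etc/ssh/ssh_config'
# Test-SshConfigKeyword -ConfigLines $lines
```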