SkylineAutomationToolkit.psm1

function confirmX {

 write-host ""
 write-host "Here are the changes you are about to do:"
 write-host ""
 write-host "Management Host: $VCENTER"
 write-host "Affected Host: $ESX"
 write-host "KB Reference: $KB"
 write-host ""
 $confirmation = Read-Host "Do you want to continue (y/n)"
 return $confirmation
}


function tagset {
$tagcatinfo = get-tagcategory skyline
if ($tagcatinfo.Count -lt 1)
    { #create everything
        new-tagcategory skyline -cardinality "multiple" -description "Skyline Automation Toolkit"
        get-tagcategory skyline | new-tag SATversion -description "1.0.1"
            new-tagassignment -tag SATversion -entity Datacenters
        get-tagcategory skyline | new-tag SATusage -description "1"
            new-tagassignment -tag SATusage -entity Datacenters    
    }
else
    { #dont create
    $tagversion = get-tag SATversion
    if ($tagversion.description -ne "1.0.1") 
        {
        get-tag SATversion | remove-tag -confirm:$false
        get-tagcategory skyline | new-tag SATversion -description "1.0.1"
            new-tagassignment -tag SATversion -entity Datacenters
        }

    $tagusage = get-tag SATusage
    $tagusagevalue = $tagusage.description
    $tagusagenum = [int]$tagusagevalue
    $tagusagenum2 = $tagusagenum + 1
        get-tag SATusage | remove-tag -confirm:$false
        get-tagcategory skyline | new-tag SATusage -description "$tagusagenum2"
            new-tagassignment -tag SATusage -entity Datacenters

    }
}

function checkfile {
 $fileuname = '/usr/bin/uname'
if (-not(Test-Path -Path $fileuname -PathType Leaf)) {
        $file = 'c:\skyline\SkylineUtils-config.ps1'
} else {
    $file = './SkylineUtils-config.ps1'    
}
 return $file
}

function cleansnapshots {
    connect-viserver -server $VCENTER
        tagset
        get-vm $ESX | get-snapshot | remove-snapshot -confirm:$false
    disconnect-viserver -confirm:$false
}


function getaccesstoken2 {
$Header = @{
 "Accept" = "application/json"
 "Content-Type" = "application/x-www-form-urlencoded"
}

 $file = checkfile
 . $file


$Body = @{
 refresh_token = "$APITOKEN"
}


$MYTOKEN = Invoke-RestMethod -method Post -Uri "$APITOKENSERVER" -Headers $Header -Body $Body

return $MYTOKEN.access_token
}


function createsource {

$file = checkfile
 

if (-not(Test-Path -Path $file -PathType Leaf)) {
     try {
         $null = New-Item -ItemType File -Path $file -Force -ErrorAction Stop
     }
     catch {
         throw $_.Exception.Message
     }
}
}

function vcenterpatch {
    plink -ssh root@$VCENTER -no-antispoof 'software-packages stage --iso --acceptEulas'
    plink -ssh root@$VCENTER -no-antispoof 'software-packages install'
    #plink -ssh root@$VCENTER -no-antispoof -batch "software-packages stage --iso --acceptEulas ; software-packages install"
}

function patching {
    tagset

    $patches = get-patch $PATCHX

    $getpatchx = get-patchbaseline $PATCHX
    if ($getpatchx -lt 1) {
     new-patchbaseline -name $PATCHX -includepatch $patches -static
    }

    get-baseline $PATCHX | attach-baseline -entity $ESX
    get-inventory $ESX | scan-inventory

} #patching

function skyline-fixer {
[CmdletBinding()] 
param(
 [string]$OPTIONX,
 [string]$CSVFILE,
 [string]$FIXWORK
)

switch ( $OPTIONX ) {

"taginfo"
{
 connect-viserver -server $CSVFILE
 tagset
 disconnect-viserver -confirm:$false
}


"kblist"
 {
 ''
 ''
 write-host "vSphere"
 write-host "https://kb.vmware.com/s/article/55650"
 write-host "https://kb.vmware.com/s/article/58715"
 write-host "https://kb.vmware.com/s/article/58874" 
 write-host "https://kb.vmware.com/s/article/65207" 
 write-host "https://kb.vmware.com/s/article/67129"
 write-host "https://kb.vmware.com/s/article/67529"
 write-host "https://kb.vmware.com/s/article/70737"
 write-host "https://kb.vmware.com/s/article/70813" 
 write-host "https://kb.vmware.com/s/article/76163" 
 write-host "https://kb.vmware.com/s/article/76372" 
 write-host "https://kb.vmware.com/s/article/76613"
 write-host "https://kb.vmware.com/s/article/76630"
 write-host "https://kb.vmware.com/s/article/76733"
 write-host "https://kb.vmware.com/s/article/76745" 
 write-host "https://kb.vmware.com/s/article/76755" 
 write-host "https://kb.vmware.com/s/article/79520"
 write-host "https://kb.vmware.com/s/article/79694"
 write-host "https://kb.vmware.com/s/article/80703"
 write-host "https://kb.vmware.com/s/article/81397" 
 write-host "https://kb.vmware.com/s/article/81576" 
 write-host "https://kb.vmware.com/s/article/82374"
 write-host "https://kb.vmware.com/s/article/83473" 
 write-host "https://kb.vmware.com/s/article/83829"
 write-host "https://kb.vmware.com/s/article/1003736"
 write-host "https://kb.vmware.com/s/article/1025279"
 write-host "https://kb.vmware.com/s/article/1025757"
 write-host "https://kb.vmware.com/s/article/2003322" 
 write-host "https://kb.vmware.com/s/article/2136430"
 write-host "https://kb.vmware.com/s/article/2149237" 
 write-host "https://kb.vmware.com/s/article/2147959"
 write-host "https://kb.vmware.com/s/article/2150190"
 write-host "https://kb.vmware.com/s/article/2150794" 
 write-host "https://kb.vmware.com/s/article/2150353" 
 ''
 write-host "vSAN"
 write-host "https://kb.vmware.com/s/article/84209"
 write-host "https://kb.vmware.com/s/article/50121439"
 ''
 ''
 write-host "horizon"
 write-host "https://kb.vmware.com/s/article/2144475"
 ''
 write-host "vra (VMware Automation)"
 write-host "https://kb.vmware.com/s/article/1025279" 
 ''
 ''
 write-host "vrops (VMware Operations Manager)"
 write-host "https://kb.vmware.com/s/article/53289"
 write-host "https://kb.vmware.com/s/article/76154"
 write-host "https://kb.vmware.com/s/article/2145578"
 ''
 ''
 write-host "VMSA"
 write-host "https://www.vmware.com/security/advisories/VMSA-2019-0022.html"
 write-host "https://www.vmware.com/security/advisories/VMSA-2020-0002.html" 
 write-host "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
 write-host "https://www.vmware.com/security/advisories/VMSA-2021-0013.html"
 ''
 ''
 createsource
} #kblist

"csv"
 {
 createsource
import-csv $CSVFILE | foreach-object {

$KB = $_."Reference"
    $KB = $KB.trim()

$VCENTER = $_."Source Name"
$ESX = $_."Object Name"

 switch ( $KB ) {
 "https://kb.vmware.com/s/article/10252799" 
    { 
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
        write-host "...start the fix..."
    }
    } #10252799

 "https://kb.vmware.com/s/article/1025279" 
    { 
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
        cleansnapshots 
    }
    } #1025279

 "https://kb.vmware.com/s/article/2149237" 
    { 
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
        cleansnapshots 
    }
    } #2149237


 "https://kb.vmware.com/s/article/76372" 
    { 
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
        connect-viserver -server $VCENTER
            tagset

            Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "sfcbd-watchdog"} | Stop-VMHostService -Confirm:$false
            Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "slpd"} | Stop-VMHostService -Confirm:$false

            Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "sfcbd-watchdog"} | Set-VMHostService -Policy Off -Confirm:$false
            Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "slpd"} | Set-VMHostService -Policy Off -Confirm:$false
        disconnect-viserver -confirm:$false
    }
     } #76372

 "https://kb.vmware.com/s/article/50121439"
    { #NOTE: scp intel-nmve-*.vib into ESX:/tmp
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
         plink root@$ESX 'esxcli softwarre vib install -v /tmp/intel-nvme-*.vib'
    }
    } #50121439

 "https://kb.vmware.com/s/article/53289"
    { #NOTE: ESX = VROPS
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
         plink root@$ESX 'service syslog stop'
        plink root@$ESX 'rm -f /var/log/warn* /var/log/auth.log* /var/log/messages*'
        plink root@$ESX 'service syslog start'
        #plink -batch root@$ESX "service syslog stop ; rm -f /var/log/warn* /var/log/auth.log* /var/log/messages* ; service syslog start"
    }
    } #53289

 "https://kb.vmware.com/s/article/76154"
    { #NOTE: ESX = VROPS
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
         plink root@$ESX 'service rsyslog restart'
    }
    } #76154

 "https://kb.vmware.com/s/article/2145578"
    { #NOTE: ESX = VROPS
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
         plink root@$ESX 'find /storage/log/ -mount -type f -mtime +1 -exec echo {} \; -exec truncate -cs 0 {} \; 2>&1 | tee /tmp/files_truncated.txt'
    }
    } #2145578


 "https://kb.vmware.com/s/article/76630" 
    { #NOTE: check to make sure ssh has been enabled on ESX
    #NOTE: create for loop for multiple ESX server
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "6.5.*"    {
            if ($FIXWORK -eq 'fix')
            {#NOTE: scp QLC_bootbank_q*.vib into ESX:/tmp
            plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib'
            plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib'
            plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib'
            plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib'
            #plink -batch root@$ESX "esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib"
            }        
            else
            { #NOTE: workaround
            plink root@$ESX 'esxcfg-module -d qfle3i'
            plink root@$ESX 'esxcfg-module -d qfle3f'
            plink root@$ESX 'esxcfg-module -d qcnic'
            #plink -batch root@$ESX "esxcfg-module -d qfle3i ; esxcfg-module -d qfle3f ; esxcfg-module -d qcnic"
            }
        } #6.5.*

        "6.7.*" {
            if ($FIXWORK -eq 'fix')
            {#NOTE: scp QLC_bootbank_q*.vib into ESX:/tmp
            plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib'
            plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib'
            plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib'
            plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib'
            #plink -batch root@$ESX "esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib"
            }        
            else
            { #NOTE: workaround
            plink root@$ESX 'esxcfg-module -d qfle3i'
            plink root@$ESX 'esxcfg-module -d qfle3f'
            plink root@$ESX 'esxcfg-module -d qcnic'
            #plink -batch root@$ESX "esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib"
            }
        } #6.7.0
        } #switch-HOSTX

        #NOTE: does not support v7.0
        disconnect-viserver -confirm:$false

    }
    } #76630

 "https://kb.vmware.com/s/article/83473" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {        
        "7.0.*" {
        $PATCHX = "ESXi70U2c-18426014"
        patching
        } #7.0.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #83473

 "https://kb.vmware.com/s/article/81397" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {        
        "7.0.*" {
        $PATCHX = "ESXi70U1c-17325551"
        patching
        } #7.0.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #81397

 "https://kb.vmware.com/s/article/84209" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {        
        "7.0.*" {
        $PATCHX = "ESXi70U2-17630552"
        patching
        } #7.0.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #84209

 "https://kb.vmware.com/s/article/79694" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {        
        "7.0.*" {
        $PATCHX = "ESXi70b-16324942"
        patching
        } #7.0.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #79694

 "https://www.vmware.com/security/advisories/VMSA-2021-0013.html" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $PATCHX = "TOOLS-17901792"
        patching
        disconnect-viserver -confirm:$false
    }
    } #vmsa-2021-0013

 "https://www.vmware.com/security/advisories/VMSA-2020-0002.html" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $PATCHX = "TOOLS-15948996"
        patching
        disconnect-viserver -confirm:$false
    }
    } #vmsa-2020-0002

 "https://kb.vmware.com/s/article/76163" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $PATCHX = "TOOLS-15948996"
        patching
        disconnect-viserver -confirm:$false
    }
    } #76163

 "https://kb.vmware.com/s/article/76733" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {        
        "6.7.*" {
        $PATCHX = "ESXi670-202004002"
        patching
        } #6.7.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #76733

 "https://kb.vmware.com/s/article/2150794" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
        "6.5.*" {
        $PATCHX = "ESXi650-201907201-UG"
        patching
        } #6.5.0
        
        "6.7.*" {
        $PATCHX = "ESXi670-201908201-UG"
        patching
        } #6.7.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #2150794

 "https://kb.vmware.com/s/article/76613" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
        "6.0.*" {
        $PATCHX = "ESXi600-201911001"
        patching
        } #6.0.0
        
        "6.5.*" {
        $PATCHX = "ESXi650-201911001"
        patching
        } #6.5.0
        
        "6.7.*" {
        $PATCHX = "ESXi670-201911001"
        patching
        } #6.7.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #76613

 "https://kb.vmware.com/s/article/1025757" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
        "6.5.*" {
        $PATCHX = "ESXi650-202107001"
        patching
        } #6.5.0
        
        "6.7.*" {
        $PATCHX = "ESXi670-202103001"
        patching
        } #6.7.0
        
        "7.0.*" {
        $PATCHX = "ESXi70U2-17630552"
        patching
        } #7.0.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #1025757


 "https://kb.vmware.com/s/article/67129" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
        "6.5.*" {
        $PATCHX = "ESXi650-201907201-UG"
        patching
        } #6.5.0

        "6.7.*" {
        $PATCHX = "ESXi670-201908201-UG"
        patching
        } #6.7.0
        } #switch-HOSTX

        #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839)
        disconnect-viserver -confirm:$false
    }
    } #67129


 "https://kb.vmware.com/s/article/70737"
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
        "6.7.*" {
        $PATCHX = "ESXi670-201908201-UG"
        patching
        } #6.7.0
        } #switch-HOSTX

        #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839)
        disconnect-viserver -confirm:$false
    }
    } #70737


 "https://kb.vmware.com/s/article/65207" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
        "6.7.*" {
        $PATCHX = "ESXi670-201908201-UG"
        patching
        } #6.7.0
        } #switch-HOSTX

        #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839)
        disconnect-viserver -confirm:$false
    }
    } #70813

 "https://kb.vmware.com/s/article/80703" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "7.0.*"    {
        $PATCHX = "ESXi70U1-16850804"
        patching
        } #6.5.*

        "6.7.*" {
        $PATCHX = "ESXi670-202103001"
        patching
        } #6.7.0
        } #switch-HOSTX

        #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839)
        disconnect-viserver -confirm:$false
    }
    } #80703

 "https://www.vmware.com/security/advisories/VMSA-2019-0022.html" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "6.0.*"    {
        $PATCHX = "ESXi600-201912001"
        patching
        } #6.0.*

         "6.5.*"    {
        $PATCHX = "ESXi650-201912001"
        patching
        } #6.5.*

        "6.7.*" {
        $PATCHX = "ESXi670-201912001"
        patching
        } #6.7.0
        } #switch-HOSTX

        #NOTE: INCOMPLETE - need DAS fix
        #NOTE: need Workaround
        disconnect-viserver -confirm:$false
    }
    } #VMSA-2019-0022

 "https://www.vmware.com/security/advisories/VMSA-2020-0015.html" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "6.5.*"    {
        $PATCHX = "ESXi650-202005401-SG"
        patching
        } #6.5.*

        "6.7.*" {
        $PATCHX = "ESXi670-202004101-SG"
        patching
        } #6.7.0

        "7.0.*" {
        $PATCHX = "ESXi70b-16324942"
        patching
        } #7.0.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #VMSA-2020-0015

 "https://www.vmware.com/security/advisories/VMSA-2020-0023.html" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "6.5.*"    {
        $PATCHX = "ESXi650-202011001"
        patching
        } #6.5.*

        "6.7.*" {
        $PATCHX = "ESXi670-202011001"
        patching
        } #6.7.0

        "7.0.*" {
        $PATCHX = "ESXi70U1a-17119627"
        patching
        } #7.0.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #VMSA-2020-0023

 "https://kb.vmware.com/s/article/58715" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "6.5.*"    {
        $PATCHX = "ESXi650-201810401-BG"
        patching
        } #6.5.*

        "6.7.*" {
        $PATCHX = "ESXi670-201810401-BG"
        patching
        } #6.7.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #58715

 "https://kb.vmware.com/s/article/67529" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "6.5.*"    {
        $PATCHX = "ESXi650-201912002"
        patching
        } #6.5.*

        "6.7.*" {
        $PATCHX = "ESXi670-202103001"
        patching
        } #6.7.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #67529

 "https://kb.vmware.com/s/article/81576" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "7.0.*"    {
        $PATCHX = "ESXi70U1c-17325551"
        patching
        } #7.0.*

        "6.7.0" {
        $PATCHX = "ESXi670-202011002"
        patching
        } #6.7.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #81576

 "https://kb.vmware.com/s/article/79520" 
    { #NOTE:config configs exist on vcenter
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
    connect-viserver -server $VCENTER
        tagset

        get-advancedsetting -entity $ESX -name "config.task.timeout" | set-advancedsetting -value "7200" -confirm:$false
        get-advancedsetting -entity $ESX -name "config.vmomi.soapStubAdapter.blockingTimeoutSeconds" | set-advancedsetting -value "18000" -confirm:$false
        disconnect-viserver -confirm:$false
    }
     } #79520

 "https://kb.vmware.com/s/article/2144475" 
    {     #NOTE: ESX is really VM in this context
        #NOTE: VDI
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
         
        connect-viserver -server $VCENTER
            get-advancesetting -entity $ESX -name svga.enableScreenDMA  | set-advancesetting -value TRUE -confirm:$false
        disconnect-viserver -confirm:$false
    }
        } #2144475

 "https://kb.vmware.com/s/article/2150190"  
    { 
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
        vcenterpatch 
    }
    } #2150190

 "https://kb.vmware.com/s/article/76745"  
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
        vcenterpatch 
    }
    } #76745

 "https://kb.vmware.com/s/article/76755"  
    { 
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
        vcenterpatch
    }
    } #76755

 "https://kb.vmware.com/s/article/83829" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
        vcenterpatch
    }
    } #83829

 "https://kb.vmware.com/s/article/83829" 
    {#NOTE: NEED REVIEW
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
         vcenterpatch
        }
    } #83829

 "https://kb.vmware.com/s/article/82374" 
    {#NOTE: NEED REVIEW 7.x
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
         vcenterpatch
        }
    } #82374

 "https://kb.vmware.com/s/article/1025279" 
    { 
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
         cleansnapshots
    }
    } #1025279

 "https://kb.vmware.com/s/article/1003736" 
    {
    $file = checkfile
    . $file

    if ($NTPSERVER -eq $null)
    {    
        $SAMPLENTP = select-string -path $file -pattern NTPSERVER
        if ($SAMPLENTP.Matches.Count -lt 1)
        {
            add-content $file '#NTPSERVER = "NEED-NTP-SERVER"'
        }

            write-host ''
            write-host "ERROR - cannot execute, please update NTPSERVER entry in $file"
            write-host ''

    }        
    else
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
                 connect-viserver -server $VCENTER
            tagset

            add-vmhostntpserver -vmhost $ESX -ntpserver $NTPSERVER
            get-vmhost -name $ESX | get-vmhostservice | where-object {$_.key -eq "ntpd" } | start-vmhostservice
            get-vmhost -name $ESX | get-vmhostservice | where-object {$_.key -eq "ntpd" } | set-vmhostservice -policy "automatic"
                disconnect-viserver -confirm:$false
    }
    }
        } #1003736


 "https://kb.vmware.com/s/article/2147959" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
            connect-viserver -server $VCENTER
        $PATCHX = "ESXi600-Update03"
        patching
            disconnect-viserver -confirm:$false
    }
    } #2147959

 "https://kb.vmware.com/s/article/58874" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
            connect-viserver -server $VCENTER
        $PATCHX = "ESXi670-Update02"
        patching
            disconnect-viserver -confirm:$false
    }
    } #58874

 "https://kb.vmware.com/s/article/2150353" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "6.0.*"    {
        $PATCHX = "ESXi600-201711001"
        patching
        } #6.0.0

        "6.5.*" {
        $PATCHX = "ESXi650-201712001"
        patching
        } #6.5.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #2150353

 "https://kb.vmware.com/s/article/2136430" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "5.5.*"    {
        $PATCHX = "ESXi550-201608001"
        patching
        } #5.5.*

        "6.0.*" {
        $PATCHX = "ESXi600-201611401-BG"
        patching
        } #6.0.*
        } #switch-HOSTX
        disconnect-viserver -confirm:$false
    }
    } #2136430

 "https://kb.vmware.com/s/article/55650" 
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
     
        connect-viserver -server $VCENTER
        $HOSTX= get-vmhost $ESX
        switch -wildcard ( $HOSTX.Version ) {
         "6.7.*"    {
        $PATCHX = "ESXi670-201811401-BG"
        patching
        } #6.7.*

        "6.5.*" {
        $PATCHX = "ESXi650-201811401-BG"
        patching
        } #6.5.0
        } #switch-HOSTX
        disconnect-viserver -confirm:$false    
    }
        } #55650

 "https://kb.vmware.com/s/article/2003322"
    {
    $file = checkfile
    . $file

    if ($LOGDIR -eq $null)
    {
        $SAMPLELOGDIR = select-string -path $file -pattern LOGDIR
        if ( $SAMPLELOGDIR.Matches.Count -lt 1)
        {
            add-content $file '#LOGDIR = "NEED-LOG-DIR"'
            add-content $file '#LOGHOST = "NEED-LOG-HOST"'
        }

            write-host ''
            write-host "ERROR - cannot execute, please update LOGDIR and LOGHOST entries in $file"
            write-host ''
    }
    else
    {
    $confirmY = confirmX
    if ($confirmY -eq 'y') {
             connect-viserver -server $VCENTER
            tagset

            get-advancedsetting -entity $ESX -name "Syslog.global.logDir" | set-advancedsetting -value "[$LOGDIR] /" -confirm:$false
            get-advancedsetting -entity $ESX -name "Syslog.global.logDirUnique" | set-advancedsetting -value $true -confirm:$false
            get-advancedsetting -entity $ESX -name "Syslog.global.logHost" | set-advancedsetting -value "udp://$LOGHOST:514" -confirm:$false
            disconnect-viserver -confirm:$false
    }
     }
    } #2003322

    default { 
        ''
        'ERROR - cannot execute, this KB fix has not been implimented yet. Will be added in the near future.' 
        ''
    } #default-csvfile

 } #switch-CSVFILE
} #import
} #csv


default { 
    ''
    'USAGE: skyline-fixer ARG VARIABLE' 
    ' kblist'
    ' csv Finding.csv (fix | workaround)'
    ''
     createsource
    } #default

} #switch-OPTIONX
} #function

function skyline-helper {
[CmdletBinding()] 
param(
 [string]$CHOICE1,
 [string]$CHOICE2,
 [string]$CHOICE3,
 [string]$CHOICE4,
 [string]$CHOICE5
)

switch ( $CHOICE1 )
{
create-role { 
    connect-viserver -server $CHOICE2
    tagset
    new-virole -name $CHOICE3 -privilege (get-viprivilege -id global.diagnostics, global.health, global.licenses, global.settings, system.anonymous, system.view, system.read)
    disconnect-viserver -confirm:$false
    }

check-role { 
    connect-viserver -server $CHOICE2
    tagset
    get-virole $CHOICE3 | get-viprivilege | select Id
    disconnect-viserver -confirm:$false
    }

add-2-role { 
    connect-viserver -server $CHOICE2
    tagset
    new-vipermission -entity (get-folder -norecursion) -principal $CHOICE3 -role $CHOICE4 -propagate:$true 
    disconnect-viserver -confirm:$false
    }
 
check-account { 
    connect-viserver -server $CHOICE2
    tagset
    get-vipermission -principal $CHOICE3
    disconnect-viserver -confirm:$false
    }

stop-ssh { 
    connect-viserver -server $CHOICE2
    get-vmhost -name $CHOICE3 | get-vmhostservice | Where Key -EQ "TSM-SSH" | stop-vmhostservice -confirm:$false
    disconnect-viserver -confirm:$false
    }

start-ssh { 
    connect-viserver -server $CHOICE2
    get-vmhost -name $CHOICE3 | get-vmhostservice | Where Key -EQ "TSM-SSH" | start-vmhostservice -confirm:$false
    disconnect-viserver -confirm:$false
    }

skyline-prep {
     Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
     choco install putty
    choco install curl
    }

check-update {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --check" }

install-update {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --install latest --accepteula" }

check-version {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli version --appliance" }

nsx-prep { install-module PowerNSX -force}

reset-adminpw {
    plink -ssh root@$CHOICE2 -no-antispoof "cp /usr/local/skyline/ccf/config/generated/credentials.json /usr/local/skyline/ccf/config/generated/credentials.old" 
    write-host ''
    write-host 'Please reboot skyline appliance now. The admin password is now "default"'
    write-host ''
}

check-nsxaccount { 
    connect-nsxserver -vCenterServer $CHOICE2
    get-nsxuserrole $CHOICE3 
    disconnect-nsxserver -confirm:$false
    }

vrops-prep { install-module Vmware.VimAutomation.vROps -force}

check-vropsaccount { 
    connect-omserver $CHOICE2
    get-omuser $CHOICE3
    disconnect-omserver -confirm:$false
    }

skyline-vm-check { 
    connect-viserver -server $CHOICE2
    tagset
    get-vm $CHOICE3
    disconnect-viserver -confirm:$false
    }

skyline-vm-turnon { 
    connect-viserver -server $CHOICE2
    tagset
    start-vm $CHOICE3
    disconnect-viserver -confirm:$false
    }

powercli-prep { 
    install-module vmware.powercli -force
    Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false -confirm:$false
    Set-PowerCLIConfiguration -InvalidCertificateAction ignore -confirm:$false    
    }

ova-prep {
$file = checkfile
    . $file

    if ($OVAPATH -eq $null)
    {
        $SAMPLEOVAPATH = select-string -path $file -pattern OVAPATH
        if ( $SAMPLEOVAPATH.Matches.Count -lt 1)
        {
            add-content $file '#OVAPATH = "NEED-OVA-PATH"'
            add-content $file '#OVANAME = "NEED-OVA-NAME"'
            add-content $file '#OVAIP = "NEED-OVA-IP"'
            add-content $file '#OVANETMASK = "NEED-OVA-NETMASK"'
            add-content $file '#OVADNS = "NEED-OVA-DNS"'
            add-content $file '#OVAGW = "NEED-OVA-GATEWAY"'
            add-content $file '#OVAPASSWD = "NEED-OVA-PASSWORD"'
        }
    }
}

ova-deploy {
$file = checkfile
    . $file

    if ($OVAPATH -ne $null)
    {

    connect-viserver -server $CHOICE2
        tagset
        $ovfConfig = Get-OvfConfiguration $OVAPATH
        $ovfConfig.NetworkMapping.Network_1.Value = $CHOICE5
        $ovfConfig.vami.VMware_Skyline_Appliance.gateway.value = $OVAGW
        $ovfConfig.vami.VMware_Skyline_Appliance.DNS.value = $OVADNS
        $ovfConfig.vami.VMware_Skyline_Appliance.ip0.value = $OVAIP
        $ovfConfig.vami.VMware_Skyline_Appliance.netmask0.value = $OVANETMASK
        $ovfConfig.Common.varoot_password.Value = $OVAPASSWD
        Import-VApp -source $OVAPATH -name $OVANAME -OvfConfiguration $ovfConfig -VMHost $CHOICE3 -datastore $CHOICE4 -diskstorageformat thin
        start-vm -vm $OVANAME -confirm:$false
    disconnect-viserver -confirm:$false    
    }
    else
    {
            write-host ''
            write-host "ERROR - cannot execute, please update OVA entries in $file"
            write-host ''
    }
}

enable-start-docker {plink -ssh root@$CHOICE2 -no-antispoof "systemctl enable docker && systemctl start docker" }

default { 
    ''
    'USAGE: skyline-help.ps1 ARG VARIABLE' 
    ' (client arg): [powercli-prep]'
    ' (vcenter arg): [create-role | check-role | add-2-role | check-account]'
    ' (esx arg): [start-ssh | stop-ssh]'
    ' (skyline arg1): [ova-prep | ova-deploy | skyline-prep]'
    ' (skyline arg2): [check-update | install-update | check-version]'
    ' (skyline arg3): [skyline-vm-check | skyline-vm-turnon | reset-adminpw]'
    ' (nsx arg): [nsx-prep | check-nsxaccount]'
    ' (vrops arg): [vrops-prep | check-vropsaccount]'
    ' (docker arg): [enable-start-docker]'
    ''
     createsource
    }
}
} #skyline-helper

function skyline-docker {
[CmdletBinding()] 
param(
 [string]$CHOICE1,
 [string]$CHOICE2,
 [string]$CHOICE3,
 [string]$CHOICE4,
 [string]$CHOICE5
)

switch ( $CHOICE1 )
{
docker-prep {
$file = checkfile
    . $file

    if ($DOCKERPATH -eq $null)
    {
        $SAMPLEDOCKERPATH = select-string -path $file -pattern DOCKERPATH
        if ( $SAMPLEDOCKERPATH.Matches.Count -lt 1)
        {
            add-content $file '#DOCKERPATH = "NEED-OVA-PATH"'
            add-content $file '#DOCKERNAME = "NEED-OVA-NAME"'
            add-content $file '#DOCKERIP = "NEED-OVA-IP"'
            add-content $file '#DOCKERNETMASK = "NEED-OVA-NETMASK"'
            add-content $file '#DOCKERDNS = "NEED-OVA-DNS"'
            add-content $file '#DOCKERGW = "NEED-OVA-GATEWAY"'
            add-content $file '#DOCKERPASSWD = "NEED-OVA-PASSWORD"'
        }
    }
}

docker-deploy {
$file = checkfile
    . $file

    if ($DOCKERPATH -ne $null)
    {

    connect-viserver -server $CHOICE2
        tagset
        $dovfConfig = Get-OvfConfiguration $DOCKERPATH
        $dovfConfig.NetworkMapping.Network_1.Value = $CHOICE5
        $dovfConfig.vami.VMware_Skyline_Appliance.gateway.value = $DOCKERGW
        $dovfConfig.vami.VMware_Skyline_Appliance.DNS.value = $DOCKDERDNS
        $dovfConfig.vami.VMware_Skyline_Appliance.ip0.value = $DOCKERIP
        $dovfConfig.vami.VMware_Skyline_Appliance.netmask0.value = $DOCKERNETMASK
        $dovfConfig.Common.varoot_password.Value = $DOCKERPASSWD
        Import-VApp -source $OVAPATH -name $DOCKERNAME -OvfConfiguration $dovfConfig -VMHost $CHOICE3 -datastore $CHOICE4 -diskstorageformat thin
        start-vm -vm $DOCKERNAME -confirm:$false
    disconnect-viserver -confirm:$false    
    }
    else
    {
            write-host ''
            write-host "ERROR - cannot execute, please update DOCKER entries in $file"
            write-host ''
    }
}

docker-install {
    #NOTE: fix path
    plink -ssh root@$CHOICE2 -no-antispoof 'mkdir /skyline'
    pscp "C:\Program Files\WindowsPowerShell\Modules\SkylineUtils\0.2.1\skylineutils-docker2.sh" root@"$CHOICE2":/skyline
    plink -ssh root@$CHOICE2 -no-antispoof 'chmod +x /skyline/skylineutils-docker2.sh'
    plink -ssh root@$CHOICE2 -no-antispoof '/skyline/skylineutils-docker2.sh -install'    
}

docker-salt { plink -ssh root@$CHOICE2 -no-antispoof '/skyline/skylineutils-docker2.sh -install-salt' }

docker-sftp { plink -ssh root@$CHOICE2 -no-antispoof '/skyline/skylineutils-docker2.sh -install-sftp' }

default { 
    ''
    'USAGE: skyline-docker ARG VARIABLE' 
    ' (arg1): [docker-prep | docker-deploy | docker-install]'
    ' (arg2): [docker-salt | docker-sftp]'
    ''
     createsource
    }
}
} #skyline-docker

function skyline-comm {
[CmdletBinding()] 
param(
 [string]$CHOICE1,
 [string]$CHOICE2,
 [string]$CHOICE3,
 [string]$CHOICE4,
 [string]$CHOICE5
)

switch ( $CHOICE1 )
{

prep {
$file = checkfile
    . $file

    if ($OVAPATH -eq $null)
    {
        $SAMPLEAPITOKEN = select-string -path $file -pattern APITOKEN
        if ( $SAMPLEAPITOKEN.Matches.Count -lt 1)
        {

            $file2 = "skyline.json"

            add-content $file '#APITOKEN = "NEED-API-TOKEN"'
            add-content $file '#APITOKENSERVER = "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?grant_type=refresh_token"'
            add-content $file '#ACCESSSERVER = "https://skyline.vmware.com/public/api/data"'

            add-content $file2 '{ "query" : "'
            add-content $file2 '{'
            add-content $file2 ' activeFindings(limit: 200) {'
            add-content $file2 ' findings {'
            add-content $file2 ' findingId'
            add-content $file2 ' accountId'
            add-content $file2 ' findingDisplayName'
            add-content $file2 ' severity'
            add-content $file2 ' products'
            add-content $file2 ' findingDescription'
            add-content $file2 ' findingImpact'
            add-content $file2 ' recommendations'
            add-content $file2 ' kbLinkURLs'
            add-content $file2 ' recommendationsVCF'
            add-content $file2 ' kbLinkURLsVCF'
            add-content $file2 ' categoryName'
            add-content $file2 ' findingTypes'
            add-content $file2 ' firstObserved'
            add-content $file2 ' totalAffectedObjectsCount'
            add-content $file2 ' }'
            add-content $file2 ' totalRecords'
            add-content $file2 ' timeTaken'
            add-content $file2 ' }'
            add-content $file2 '}'
            add-content $file2 '"}'

            
        }
    }
}

get-access-token {
    $MYTOKEN2 = getaccesstoken2
    write-output $MYTOKEN2
}

get-findings {
 switch ($CHOICE2)
 {
 list {
            $file2 = "skyline.json"
            clear-content $file2

            add-content $file2 '{ "query" : "'
            add-content $file2 '{'
            add-content $file2 ' activeFindings(limit: 200) {'
            add-content $file2 ' findings {'
            add-content $file2 ' findingId'
            add-content $file2 ' products'
            add-content $file2 ' totalAffectedObjectsCount'
            add-content $file2 ' }'
            add-content $file2 ' }'
            add-content $file2 '}'
            add-content $file2 '"}'


    $file = checkfile
    . $file
    $MYTOKEN2 = getaccesstoken2
    $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -infile skyline.json -ContentType "application/json"
    write-output $FINDINGS.data.activeFindings.findings
 }
 detail {
            write-output $CHOICE3
            write-output $CHOICE4

            $file2 = "skyline.json"
            clear-content $file2

            add-content $file2 '{ "query" : "'
            add-content $file2 '{'
            add-content $file2 ' activeFindings('
            add-content $file2 ' filter: {'
            add-content $file2 " findingId: `"$CHOICE3`","
            add-content $file2 " product: `"$CHOICE4`""
            add-content $file2 ' }'
            add-content $file2 ' limit: 200) {'
            add-content $file2 ' findings {'
            add-content $file2 ' findingId'
            add-content $file2 ' accountId'
            add-content $file2 ' findingDisplayName'
            add-content $file2 ' severity'
            add-content $file2 ' products'
            add-content $file2 ' findingDescription'
            add-content $file2 ' findingImpact'
            add-content $file2 ' recommendations'
            add-content $file2 ' kbLinkURLs'
            add-content $file2 ' recommendationsVCF'
            add-content $file2 ' kbLinkURLsVCF'
            add-content $file2 ' categoryName'
            add-content $file2 ' findingTypes'
            add-content $file2 ' firstObserved'
            add-content $file2 ' totalAffectedObjectsCount'
            add-content $file2 ' affectedObjects(start: 0, limit: 200) {'
            add-content $file2 ' sourceName'
            add-content $file2 ' objectName'
            add-content $file2 ' objectType'
            add-content $file2 ' version'
            add-content $file2 ' buildNumber'
            add-content $file2 ' solutionTags {'
            add-content $file2 ' type'
            add-content $file2 ' version'
            add-content $file2 ' }'
            add-content $file2 ' firstObserved'
            add-content $file2 ' }'
            add-content $file2 ' }'
            add-content $file2 ' totalRecords'
            add-content $file2 ' timeTaken'
            add-content $file2 ' }'
            add-content $file2 '}'
            add-content $file2 '"}'

    $file = checkfile
    . $file
    $MYTOKEN2 = getaccesstoken2
    $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -infile skyline.json -ContentType "application/json"
    write-output $FINDINGS.data.activeFindings.findings
 }
  category {
               $file2 = "skyline.json"
            clear-content $file2

            add-content $file2 '{ "query" : "'
            add-content $file2 '{'
            add-content $file2 ' activeFindings('
            add-content $file2 ' filter: {'
            add-content $file2 " categoryName: [$CHOICE3]" 
            add-content $file2 ' }'
            add-content $file2 ' limit: 200)'
            add-content $file2 '{'
            add-content $file2 ' findings {'
            add-content $file2 ' findingId'
            add-content $file2 ' products'
            add-content $file2 ' totalAffectedObjectsCount'
            add-content $file2 ' }'
            add-content $file2 ' }'
            add-content $file2 '}'
            add-content $file2 '"}'


    $file = checkfile
    . $file
    $MYTOKEN2 = getaccesstoken2
    $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -infile skyline.json -ContentType "application/json"
    write-output $FINDINGS.data.activeFindings.findings
 }
 type {
               $file2 = "skyline.json"
            clear-content $file2

            add-content $file2 '{ "query" : "'
            add-content $file2 '{'
            add-content $file2 ' activeFindings('
            add-content $file2 ' filter: {'
            add-content $file2 " findingTypes: [$CHOICE3]" 
            add-content $file2 ' }'
            add-content $file2 ' limit: 200)'
            add-content $file2 '{'
            add-content $file2 ' findings {'
            add-content $file2 ' findingId'
            add-content $file2 ' products'
            add-content $file2 ' totalAffectedObjectsCount'
            add-content $file2 ' }'
            add-content $file2 ' }'
            add-content $file2 '}'
            add-content $file2 '"}'


    $file = checkfile
    . $file
    $MYTOKEN2 = getaccesstoken2
    $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -infile skyline.json -ContentType "application/json"
    write-output $FINDINGS.data.activeFindings.findings
 }
severity {
               $file2 = "skyline.json"
            clear-content $file2

            add-content $file2 '{ "query" : "'
            add-content $file2 '{'
            add-content $file2 ' activeFindings('
            add-content $file2 ' filter: {'
            add-content $file2 " severity: [$CHOICE3]" 
            add-content $file2 ' }'
            add-content $file2 ' limit: 200)'
            add-content $file2 '{'
            add-content $file2 ' findings {'
            add-content $file2 ' findingId'
            add-content $file2 ' products'
            add-content $file2 ' totalAffectedObjectsCount'
            add-content $file2 ' }'
            add-content $file2 ' }'
            add-content $file2 '}'
            add-content $file2 '"}'


    $file = checkfile
    . $file
    $MYTOKEN2 = getaccesstoken2
    $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -infile skyline.json -ContentType "application/json"
    write-output $FINDINGS.data.activeFindings.findings
 }
  custom {
    $file = checkfile
    . $file
    $MYTOKEN2 = getaccesstoken2
    $FINDINGS = invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -infile skyline.json -ContentType "application/json"
    write-output $FINDINGS.data.activeFindings.findings
 }
 }
}

default { 
    ''
    'USAGE: skyline-comm ARG VARIABLE' 
    ' (arg1): [prep]'
    ' (arg2): [get-access-token]'
    ' (arg3): [get-findings list]'
    ' (arg4): [get-findings detail findingid source]'
    ' (arg5): [get-findings custom]'
    ' (arg6): [get-findings category SECURITY|NETWORK|COMPUTE|STORAGE]'
    ' (arg7): [get-findings type CONFIGURATION|UPGRADE]'
    ' (arg8): [get-findings severity CRITICAL|MODERATE|TRIVIAL]'
    ''
     createsource
    }
}
} #skyline-comm


function skyline-sec {
[CmdletBinding()] 
param(
 [string]$CHOICE1,
 [string]$CHOICE2
)

switch ( $CHOICE1 )
{
set-ssh {
write-output "starting to set SSH settings on $CHOICE2..."
    $SSHmat = plink root@$CHOICE2 -no-antispoof "grep -c 'MaxAuthTries 2' /etc/ssh/sshd_config"
        if ( $SSHmat -lt 1)
    { #V-239165
    write-output "...set MaxAuthTries..."
    plink root@$CHOICE2 -no-antispoof "echo 'MaxAuthTries 2' >> /etc/ssh/sshd_config"
    } else
        {
    write-output "...MaxAuthTries has already been set..."
    }

    $SSHiukh = plink root@$CHOICE2 -no-antispoof "grep -c 'IgnoreUserKnownHosts yes' /etc/ssh/sshd_config"
        if ( $SSHiukh -lt 1)
    { #V-239164
    write-output "...set IgnoreUserKnownHosts..."
    plink root@$CHOICE2 -no-antispoof "echo 'IgnoreUserKnownHosts yes' >> /etc/ssh/sshd_config"
    } else
        {
    write-output "...IgnoreUserKnownHosts has already been set..."
    }

    $SSHcomp = plink root@$CHOICE2 -no-antispoof "grep -c 'Compression no' /etc/ssh/sshd_config"
        if ( $SSHcomp -lt 1)
    { #V-239161
    write-output "...set Compression..."
    plink root@$CHOICE2 -no-antispoof "echo 'Compression no' >> /etc/ssh/sshd_config"
    } else
        {
    write-output "...Compression has already been set..."
    }

    $SSHpep = plink root@$CHOICE2 -no-antispoof "grep -v '#' /etc/ssh/sshd_config | grep -c 'PermitEmptyPasswords no'"
        if ( $SSHpep -lt 1)
    { #V-239160
    write-output "...set PermitEmptyPasswords..."
    plink root@$CHOICE2 -no-antispoof "echo 'PermitEmptyPasswords no' >> /etc/ssh/sshd_config"
    } else
        {
    write-output "...PermitEmptyPasswords has already been set..."
    }
write-output "...complete set SSH settings on $CHOICE2"

}
set-passwd {
write-output "starting to set password settings on $CHOICE2..."
write-output "...set 90 Days Max Lifetime..."
    plink root@$CHOICE2 -no-antispoof "sed -i s/'PASS_MAX_DAYS 60'/'PASS_MAX_DAYS 90'/g /etc/login.defs"
write-output "...set password history..."
    plink root@$CHOICE2 -no-antispoof "touch /etc/security/opasswd; chown root:root /etc/security/opasswd; chmod 0600 /etc/security/opasswd; echo 'password required pam_pwhistory.so enforce_for_root use_authtok remember=5 retry=3' >> /etc/pam.d/system-password"
write-output "...complete set password settings on $CHOICE2"

}

default { 
    ''
    'USAGE: skyline-sec ARG VARIABLE' 
    ' (arg1): [set-ssh]'
    ' (arg2): [set-passwd]'
    ''
     createsource
    } #set-logging, set-config
}
} #skyline-sec
Export-ModuleMember -Function 'skyline-fixer', 'skyline-helper', 'skyline-docker', 'skyline-comm', 'skyline-sec'