skyline-fixer.ps1
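# skyline-fixer: applies remediation steps for VMware Skyline findings.
#
# Usage:
#   skyline-fixer kblist
#   skyline-fixer csv Finding.csv (fix | workaround)
#
# The csv mode reads the "Reference", "Source Name" and "Object Name" columns
# of the findings file and dispatches on the KB / VMSA URL in "Reference".
# Uses VMware PowerCLI cmdlets and PuTTY's plink. The helpers tagset, confirmX,
# createsource and checkfile are not defined in this listing.
#
# Security notes for operators:
#   * "Source Name" and "Object Name" are used unvalidated as connection
#     targets (connect-viserver -server, plink root@...). Review the CSV
#     before running; whoever can edit it chooses where root commands run.
#   * plink receives the root password through -pw, so it is visible in the
#     process command line while each plink call runs. Key-based
#     authentication (Pageant or -i) or -pwfile (PuTTY 0.77+) avoids that.
#   * Every change runs with -confirm:$false; the confirmX prompt is the only
#     gate, so the text in $DETAILX has to describe what is really applied.

function cleansnapshots {
    # Removes every snapshot of the VM(s) selected by $ESX, without a
    # per-snapshot prompt. $VCENTER and $ESX come from the caller's scope.
    connect-viserver -server $VCENTER
    tagset
    get-vm $ESX | get-snapshot | remove-snapshot -confirm:$false
    disconnect-viserver -confirm:$false
}

function getrootpassword {
    # Prompts for a password and returns it as plain text for plink -pw.
    # The unmanaged BSTR copy is zeroed and freed even if the conversion
    # fails. The returned string itself stays in managed memory until it is
    # garbage collected.
    $secure = read-host "Enter a Password" -AsSecureString
    $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try {
        # PtrToStringBSTR is the matching reader for SecureStringToBSTR.
        [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally {
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

function rootplink {
    # Prompts once for the root password, then runs each command on $TARGET
    # through plink in batch mode.
    # -batch disables interactive prompts, so plink aborts instead of asking
    # about an unknown host key: the target's key must already be cached (or
    # be pinned with -hostkey).
    param(
        [string]$TARGET,
        [string[]]$COMMANDS
    )
    $password = getrootpassword
    foreach ($COMMANDX in $COMMANDS) {
        plink root@$TARGET -batch -pw "$password" $COMMANDX
    }
}

function vcenterpatch {
    # Stages and installs the attached patch ISO on the vCenter appliance
    # named by $VCENTER (caller's scope), as root over SSH.
    $password = getrootpassword
    plink -ssh root@$VCENTER -no-antispoof -batch -pw "$password" 'software-packages stage --iso --acceptEulas'
    plink -ssh root@$VCENTER -no-antispoof -batch -pw "$password" 'software-packages install'
}

function patching {
    # Ensures a static patch baseline named $PATCHX exists, attaches it to
    # $ESX and starts a scan. $PATCHX and $ESX come from the caller's scope;
    # a vCenter connection must already be open.
    tagset
    $patches = get-patch $PATCHX
    $getpatchx = get-patchbaseline $PATCHX
    # Create the baseline only when the lookup returned nothing. (Comparing
    # the baseline object with "-lt 1" raises an error once it exists.)
    if (-not $getpatchx) {
        new-patchbaseline -name $PATCHX -includepatch $patches -static
    }
    get-baseline $PATCHX | attach-baseline -entity $ESX
    get-inventory $ESX | scan-inventory
} #patching

function getbaselinefixes {
    # Returns the findings that are remediated purely by attaching a patch
    # baseline, keyed by the finding's Reference URL.
    #   Detail   - text shown by the confirmation prompt
    #   Versions - host version wildcard -> baseline name(s); the patterns of
    #              one entry are mutually exclusive, so key order is irrelevant
    #   Patch    - baseline applied without looking at the host version
    @{
        "https://kb.vmware.com/s/article/85071" = @{
            Detail   = "configure ESXi670-202111001 and ESXi70U3c-19193900 ESX Baselines"
            Versions = @{ "6.7.*" = "ESXi670-202111001"; "7.0.*" = "ESXi70U3c-19193900" }
        }
        "https://kb.vmware.com/s/article/83473" = @{
            Detail   = "configure ESXi70U2c-18426014 ESX Baseline"
            Versions = @{ "7.0.*" = "ESXi70U2c-18426014" }
        }
        "https://kb.vmware.com/s/article/81397" = @{
            Detail   = "configure ESXi70U1c-17325551 ESX Baseline"
            Versions = @{ "7.0.*" = "ESXi70U1c-17325551" }
        }
        "https://kb.vmware.com/s/article/84209" = @{
            Detail   = "configure ESXi70U2-17630552 ESX Baseline"
            Versions = @{ "7.0.*" = "ESXi70U2-17630552" }
        }
        "https://kb.vmware.com/s/article/81227" = @{
            Detail   = "configure ESXi650-202102001, ESXi670-202011002, and ESXi70U3d-19482537 ESX Baselines"
            Versions = @{ "6.5.*" = "ESXi650-202102001"; "6.7.*" = "ESXi670-202011002"; "7.0.*" = "ESXi70U3d-19482537" }
        }
        "https://kb.vmware.com/s/article/53134" = @{
            Detail   = "configure ESXi650-201912002 and ESXi670-201912001 ESX Baselines"
            Versions = @{ "6.5.*" = "ESXi650-201912002"; "6.7.*" = "ESXi670-201912001" }
        }
        "https://kb.vmware.com/s/article/79694" = @{
            Detail   = "configure ESXi70b-16324942 ESX Baseline"
            Versions = @{ "7.0.*" = "ESXi70b-16324942" }
        }
        "https://www.vmware.com/security/advisories/VMSA-2022-0007.html" = @{
            # NOTE(review): the prompt used to name TOOLS-17901792 while
            # TOOLS-19346243 was applied; the text now matches the action.
            # Confirm which build this advisory is meant to deploy.
            Detail = "configure TOOLS-19346243 ESX Baseline"
            Patch  = "TOOLS-19346243"
        }
        "https://www.vmware.com/security/advisories/VMSA-2021-0013.html" = @{
            Detail = "configure TOOLS-17901792 ESX Baseline"
            Patch  = "TOOLS-17901792"
        }
        "https://www.vmware.com/security/advisories/VMSA-2020-0002.html" = @{
            Detail = "configure TOOLS-15948996 ESX Baseline"
            Patch  = "TOOLS-15948996"
        }
        "https://www.vmware.com/security/advisories/VMSA-2022-0004.html" = @{
            Detail   = "configure ESXi650-202202401-SG, ESXi670-202111101-SG, ESXi70U1e-19324898, ESXi70U2e-19290878, and ESXi70U3c-19193900 ESX Baselines"
            Versions = @{
                "6.5.*" = "ESXi650-202202401-SG"
                "6.7.*" = "ESXi670-202111101-SG"
                # NEED TO LOOK INTO THIS: all three 7.0 baselines are attached in turn.
                "7.0.*" = @("ESXi70U1e-19324898", "ESXi70U2e-19290878", "ESXi70U3c-19193900")
            }
        }
        "https://kb.vmware.com/s/article/76163" = @{
            Detail = "configure TOOLS-15948996 ESX Baseline"
            Patch  = "TOOLS-15948996"
        }
        "https://kb.vmware.com/s/article/76733" = @{
            Detail   = "configure ESXi670-202004002 ESX Baseline"
            Versions = @{ "6.7.*" = "ESXi670-202004002" }
        }
        "https://kb.vmware.com/s/article/2150794" = @{
            Detail   = "configure ESXi650-201907201-UG and ESXi670-201908201-UG ESX Baselines"
            Versions = @{ "6.5.*" = "ESXi650-201907201-UG"; "6.7.*" = "ESXi670-201908201-UG" }
        }
        "https://kb.vmware.com/s/article/76613" = @{
            Detail   = "configure ESXi600-201911001, ESXi650-201911001, and ESXi670-201911001 ESX Baselines"
            Versions = @{ "6.0.*" = "ESXi600-201911001"; "6.5.*" = "ESXi650-201911001"; "6.7.*" = "ESXi670-201911001" }
        }
        "https://kb.vmware.com/s/article/1025757" = @{
            Detail   = "configure ESXi650-202107001, ESXi670-202103001, and ESXi70U2-17630552 ESX Baselines"
            Versions = @{ "6.5.*" = "ESXi650-202107001"; "6.7.*" = "ESXi670-202103001"; "7.0.*" = "ESXi70U2-17630552" }
        }
        "https://kb.vmware.com/s/article/67129" = @{
            # NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839)
            Detail   = "configure ESXi650-201907201-UG and ESXi670-201908201-UG ESX Baselines"
            Versions = @{ "6.5.*" = "ESXi650-201907201-UG"; "6.7.*" = "ESXi670-201908201-UG" }
        }
        "https://kb.vmware.com/s/article/70737" = @{
            # NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839)
            Detail   = "configure ESXi670-201908201-UG ESX Baseline"
            Versions = @{ "6.7.*" = "ESXi670-201908201-UG" }
        }
        "https://kb.vmware.com/s/article/65207" = @{
            Detail   = "configure ESXi670-201908201-UG ESX Baseline"
            Versions = @{ "6.7.*" = "ESXi670-201908201-UG"; "7.0.*" = "ESXi70b-16324942" }
        }
        "https://kb.vmware.com/s/article/80703" = @{
            # NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839)
            Detail   = "configure ESXi70U1-16850804 and ESXi670-202103001 ESX Baselines (esx7 patch not availabe at them moment)"
            Versions = @{ "7.0.*" = "ESXi70U1-16850804"; "6.7.*" = "ESXi670-202103001" }
        }
        "https://www.vmware.com/security/advisories/VMSA-2019-0022.html" = @{
            # NOTE: INCOMPLETE - need DAS fix
            # NOTE: need Workaround
            Detail   = "configure ESXi600-201912001, ESXi650-201912001, and ESXi670-201912001 ESX Baselines (DAS Fix and Workaround not availabe at them moment)"
            Versions = @{ "6.0.*" = "ESXi600-201912001"; "6.5.*" = "ESXi650-201912001"; "6.7.*" = "ESXi670-201912001" }
        }
        "https://www.vmware.com/security/advisories/VMSA-2020-0015.html" = @{
            Detail   = "configure ESXi650-202005401-SG, ESXi670-202004101-SG, and ESXi70b-16324942 ESX Baselines"
            Versions = @{ "6.5.*" = "ESXi650-202005401-SG"; "6.7.*" = "ESXi670-202004101-SG"; "7.0.*" = "ESXi70b-16324942" }
        }
        "https://www.vmware.com/security/advisories/VMSA-2020-0023.html" = @{
            Detail   = "configure ESXi650-202011001, ESXi670-202011001, and ESXi70U1a-17119627 ESX Baselines"
            Versions = @{ "6.5.*" = "ESXi650-202011001"; "6.7.*" = "ESXi670-202011001"; "7.0.*" = "ESXi70U1a-17119627" }
        }
        "https://kb.vmware.com/s/article/58715" = @{
            Detail   = "configure ESXi650-201810401-BG and ESXi670-201810401-BG ESX Baselines"
            Versions = @{ "6.5.*" = "ESXi650-201810401-BG"; "6.7.*" = "ESXi670-201810401-BG" }
        }
        "https://kb.vmware.com/s/article/67529" = @{
            Detail   = "configure ESXi650-201912002 and ESXi670-202103001 ESX Baselines"
            Versions = @{ "6.5.*" = "ESXi650-201912002"; "6.7.*" = "ESXi670-202103001" }
        }
        "https://kb.vmware.com/s/article/81576" = @{
            # The 6.7 pattern is the literal "6.7.0" here, unlike the other entries.
            Detail   = "configure ESXi70U1c-17325551 and ESXi670-202011002 ESX Baselines"
            Versions = @{ "7.0.*" = "ESXi70U1c-17325551"; "6.7.0" = "ESXi670-202011002" }
        }
        "https://kb.vmware.com/s/article/83517" = @{
            Detail = "configure ESXi70U2c-18426014 ESX Baseline"
            Patch  = "ESXi70U2c-18426014"
        }
        "https://kb.vmware.com/s/article/2147959" = @{
            Detail = "configure ESXi600-Update03 ESX Baseline"
            Patch  = "ESXi600-Update03"
        }
        "https://kb.vmware.com/s/article/58874" = @{
            Detail = "configure ESXi670-Update02 ESX Baseline"
            Patch  = "ESXi670-Update02"
        }
        "https://kb.vmware.com/s/article/2150353" = @{
            Detail   = "configure ESXi600-201711001 and ESXi650-201712001 ESX Baselines"
            Versions = @{ "6.0.*" = "ESXi600-201711001"; "6.5.*" = "ESXi650-201712001" }
        }
        "https://kb.vmware.com/s/article/2136430" = @{
            Detail   = "configure ESXi550-201608001 and ESXi600-201611401-BG ESX Baselines"
            Versions = @{ "5.5.*" = "ESXi550-201608001"; "6.0.*" = "ESXi600-201611401-BG" }
        }
        "https://kb.vmware.com/s/article/55650" = @{
            Detail   = "configure ESXi670-201811401-BG and ESXi650-201811401-BG ESX Baselines"
            Versions = @{ "6.7.*" = "ESXi670-201811401-BG"; "6.5.*" = "ESXi650-201811401-BG" }
        }
    }
}

function applybaselines {
    # Connects to $VCENTER, applies the baseline(s) of one getbaselinefixes
    # entry to $ESX through patching, then disconnects. $VCENTER and $ESX
    # come from the caller's scope; patching reads $PATCHX from this scope.
    param($BASEFIX)
    connect-viserver -server $VCENTER
    if ($null -ne $BASEFIX.Versions) {
        $HOSTX = get-vmhost $ESX
        foreach ($VERSIONX in @($HOSTX.Version)) {
            foreach ($PATTERNX in $BASEFIX.Versions.Keys) {
                if ($VERSIONX -like $PATTERNX) {
                    foreach ($PATCHX in @($BASEFIX.Versions[$PATTERNX])) {
                        patching
                    }
                }
            }
        }
    }
    else {
        $PATCHX = $BASEFIX.Patch
        patching
    }
    disconnect-viserver -confirm:$false
}

function skyline-fixer {
    # Entry point.
    #   OPTIONX - "taginfo", "kblist" or "csv"; anything else prints the usage
    #   CSVFILE - findings CSV for "csv"; the vCenter server name for "taginfo"
    #   FIXWORK - 'fix' selects the VIB install for KB 76630, any other value
    #             selects the module-disable workaround
    [CmdletBinding()]
    param(
        [string]$OPTIONX,
        [string]$CSVFILE,
        [string]$FIXWORK
    )

    switch ( $OPTIONX ) {
        "taginfo" {
            connect-viserver -server $CSVFILE
            tagset
            disconnect-viserver -confirm:$false
        }
        "kblist" {
            $KBBASE = "https://kb.vmware.com/s/article/"
            $VMSABASE = "https://www.vmware.com/security/advisories/"
            ''
            ''
            write-host "vSphere"
            foreach ($IDX in @(
                    52387, 53134, 55650, 55683, 58715, 58874, 65207, 67129, 67259,
                    67529, 70737, 70813, 76163, 76372, 76613, 76630, 76733, 76745,
                    76755, 79520, 79694, 80703, 81227, 81397, 81576, 81829, 82374,
                    82498, 83275, 83473, 83517, 83824, 83829, 85071, 86069, 1003736,
                    1025279, 1025757, 2003322, 2136430, 2149237, 2147959, 2150190,
                    2150794, 2150353)) {
                write-host "$KBBASE$IDX"
            }
            ''
            write-host "vSAN"
            foreach ($IDX in @(84209, 50121439)) { write-host "$KBBASE$IDX" }
            ''
            ''
            write-host "horizon"
            write-host "${KBBASE}2144475"
            ''
            write-host "vra (VMware Automation)"
            write-host "${KBBASE}1025279"
            ''
            ''
            write-host "vrops (VMware Operations Manager)"
            foreach ($IDX in @(53289, 76154, 2145578)) { write-host "$KBBASE$IDX" }
            ''
            ''
            write-host "VMSA"
            foreach ($IDX in @("2019-0022", "2020-0002", "2020-0015", "2021-0013", "2022-0004", "2022-0007")) {
                write-host "${VMSABASE}VMSA-$IDX.html"
            }
            ''
            ''
            createsource
        } #kblist
        "csv" {
            createsource
            $BASELINEFIXES = getbaselinefixes
            $SNAPSHOTKBS = @(
                "https://kb.vmware.com/s/article/1025279",
                "https://kb.vmware.com/s/article/2149237"
            )
            $VCENTERPATCHKBS = @(
                "https://kb.vmware.com/s/article/86069",
                "https://kb.vmware.com/s/article/82498",
                "https://kb.vmware.com/s/article/2150190",
                "https://kb.vmware.com/s/article/76745",
                "https://kb.vmware.com/s/article/76755",
                "https://kb.vmware.com/s/article/83829",
                "https://kb.vmware.com/s/article/83275",
                "https://kb.vmware.com/s/article/81829",
                "https://kb.vmware.com/s/article/83824",
                "https://kb.vmware.com/s/article/55683",
                "https://kb.vmware.com/s/article/52387",
                "https://kb.vmware.com/s/article/82374"
            )

            import-csv $CSVFILE | foreach-object {
                $KB = $_."Reference"
                $KB = $KB.trim()
                # Both values below are taken from the CSV as-is and become
                # the targets of connect-viserver and plink.
                $VCENTER = $_."Source Name"
                $ESX = $_."Object Name"

                # Findings fixed only by attaching a baseline are table-driven.
                $BASEFIX = $null
                if ($KB) { $BASEFIX = $BASELINEFIXES[$KB] }

                if ($null -ne $BASEFIX) {
                    $DETAILX = $BASEFIX.Detail
                    $confirmY = confirmX
                    if ($confirmY -eq 'y') {
                        applybaselines $BASEFIX
                    }
                }
                else {
                    switch -wildcard ( $KB ) {
                        { $SNAPSHOTKBS -contains $_ } {
                            $DETAILX = "clean all snapshots"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                cleansnapshots
                            }
                        } #2149237_1025279
                        "https://kb.vmware.com/s/article/76372" {
                            $DETAILX = "turn off sfcbd and slapd"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                connect-viserver -server $VCENTER
                                tagset
                                # Stop both services first, then keep them off across reboots.
                                foreach ($SERVICEX in @("sfcbd-watchdog", "slpd")) {
                                    Get-VMHost -name $ESX | Get-VMHostService | Where { $_.Key -eq $SERVICEX } | Stop-VMHostService -Confirm:$false
                                }
                                foreach ($SERVICEX in @("sfcbd-watchdog", "slpd")) {
                                    Get-VMHost -name $ESX | Get-VMHostService | Where { $_.Key -eq $SERVICEX } | Set-VMHostService -Policy Off -Confirm:$false
                                }
                                disconnect-viserver -confirm:$false
                            }
                        } #76372
                        "https://kb.vmware.com/s/article/67259" {
                            $DETAILX = "set debug_mask for qfle3"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                # No -batch/-pw here: authentication is left to plink (agent, key or prompt).
                                plink root@$ESX 'esxcli system module parameters set -m qfle3 -p "debug_mask=0"'
                            }
                        } #67259
                        "https://kb.vmware.com/s/article/50121439" {
                            #NOTE: scp intel-nvme-*.vib into ESX:/tmp
                            # Install only a VIB whose origin and integrity were checked before the copy.
                            $DETAILX = "install intel-nvme*.vib"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                plink root@$ESX 'esxcli software vib install -v /tmp/intel-nvme-*.vib'
                            }
                        } #50121439
                        "https://kb.vmware.com/s/article/53289" {
                            #NOTE: ESX = VROPS
                            # This deletes authentication and system logs on the node; archive
                            # them first if they are needed for audit or investigation.
                            $DETAILX = "stop syslog and remove /var/log/warn, /var/log/auth.log, and /var/log/messages"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                rootplink $ESX @(
                                    'service syslog stop',
                                    'rm -f /var/log/warn* /var/log/auth.log* /var/log/messages*',
                                    'service syslog start'
                                )
                            }
                        } #53289
                        "https://kb.vmware.com/s/article/76154" {
                            #NOTE: ESX = VROPS
                            $DETAILX = "restart rsyslog"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                plink root@$ESX 'service rsyslog restart'
                            }
                        } #76154
                        "https://kb.vmware.com/s/article/2145578" {
                            #NOTE: ESX = VROPS
                            $DETAILX = "clean /storage/log"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                plink root@$ESX 'find /storage/log/ -mount -type f -mtime +1 -exec echo {} \; -exec truncate -cs 0 {} \; 2>&1 | tee /tmp/files_truncated.txt'
                            }
                        } #2145578
                        "https://kb.vmware.com/s/article/76630" {
                            #NOTE: check to make sure ssh has been enabled on ESX
                            #NOTE: create for loop for multiple ESX server
                            $DETAILX = "install QLC_bootbank_qcnic, qfe3, qfe3f, and qfe3i"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                connect-viserver -server $VCENTER
                                $HOSTX = get-vmhost $ESX
                                switch -wildcard ( $HOSTX.Version ) {
                                    { ($_ -like "6.5.*") -or ($_ -like "6.7.*") } {
                                        if ($FIXWORK -eq 'fix') {
                                            #NOTE: scp QLC_bootbank_q*.vib into ESX:/tmp
                                            # "esxcli software" was misspelled "softwarre", so
                                            # none of these installs could run.
                                            rootplink $ESX @(
                                                'esxcli software vib install -v /tmp/QLC_bootbank_qcnic*.vib',
                                                'esxcli software vib install -v /tmp/QLC_bootbank_qfle3_*.vib',
                                                'esxcli software vib install -v /tmp/QLC_bootbank_qfle3f_*.vib',
                                                'esxcli software vib install -v /tmp/QLC_bootbank_qfle3i_*.vib'
                                            )
                                        }
                                        else {
                                            #NOTE: workaround
                                            rootplink $ESX @(
                                                'esxcfg-module -d qfle3i',
                                                'esxcfg-module -d qfle3f',
                                                'esxcfg-module -d qcnic'
                                            )
                                        }
                                    } #6.5.* and 6.7.*
                                } #switch-HOSTX
                                #NOTE: does not support v7.0
                                disconnect-viserver -confirm:$false
                            }
                        } #76630
                        "https://kb.vmware.com/s/article/79520" {
                            #NOTE: config configs exist on vcenter
                            $DETAILX = "configure config.task.timeout and config.vmomi.soapStubAdapter"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                connect-viserver -server $VCENTER
                                tagset
                                get-advancedsetting -entity $ESX -name "config.task.timeout" | set-advancedsetting -value "7200" -confirm:$false
                                get-advancedsetting -entity $ESX -name "config.vmomi.soapStubAdapter.blockingTimeoutSeconds" | set-advancedsetting -value "18000" -confirm:$false
                                disconnect-viserver -confirm:$false
                            }
                        } #79520
                        "https://kb.vmware.com/s/article/2144475" {
                            #NOTE: ESX is really VM in this context
                            #NOTE: VDI
                            $DETAILX = "configure svga.enableScreenDMA"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                connect-viserver -server $VCENTER
                                # Cmdlet names were misspelled (get-/set-advancesetting).
                                get-advancedsetting -entity $ESX -name svga.enableScreenDMA | set-advancedsetting -value TRUE -confirm:$false
                                disconnect-viserver -confirm:$false
                            }
                        } #2144475
                        { $VCENTERPATCHKBS -contains $_ } {
                            $DETAILX = "WARNING - Actual vCenter Patch Install"
                            $confirmY = confirmX
                            if ($confirmY -eq 'y') {
                                vcenterpatch
                            }
                        } #86069
                        "https://kb.vmware.com/s/article/1003736*" {
                            $file = checkfile
                            # Dot-sourcing runs the whole settings file as PowerShell in this
                            # scope; keep it writable only by the operator.
                            . $file
                            if ($NTPSERVER -eq $null) {
                                $SAMPLENTP = select-string -path $file -pattern NTPSERVER
                                if ($SAMPLENTP.Matches.Count -lt 1) {
                                    add-content $file '#NTPSERVER = "NEED-NTP-SERVER"'
                                }
                                write-host ''
                                write-host "ERROR - cannot execute, please update NTPSERVER entry in $file"
                                write-host ''
                            }
                            else {
                                $DETAILX = "NTP SERVER used ($NTPSERVER)"
                                $confirmY = confirmX
                                if ($confirmY -eq 'y') {
                                    connect-viserver -server $VCENTER
                                    tagset
                                    add-vmhostntpserver -vmhost $ESX -ntpserver $NTPSERVER
                                    get-vmhost -name $ESX | get-vmhostservice | where-object { $_.key -eq "ntpd" } | start-vmhostservice
                                    get-vmhost -name $ESX | get-vmhostservice | where-object { $_.key -eq "ntpd" } | set-vmhostservice -policy "automatic"
                                    disconnect-viserver -confirm:$false
                                }
                            }
                        } #1003736
                        "https://kb.vmware.com/s/article/2003322" {
                            $file = checkfile
                            # Dot-sourcing runs the whole settings file as PowerShell in this
                            # scope; keep it writable only by the operator.
                            . $file
                            if ($LOGDIR -eq $null) {
                                $SAMPLELOGDIR = select-string -path $file -pattern LOGDIR
                                if ( $SAMPLELOGDIR.Matches.Count -lt 1) {
                                    add-content $file '#LOGDIR = "NEED-LOG-DIR"'
                                    add-content $file '#LOGHOST = "NEED-LOG-HOST"'
                                }
                                write-host ''
                                write-host "ERROR - cannot execute, please update LOGDIR and LOGHOST entries in $file"
                                write-host ''
                            }
                            else {
                                $DETAILX = "configure syslog.global.logdir, syslog.global.logdirunique, and syslog.global.hostHost"
                                $confirmY = confirmX
                                if ($confirmY -eq 'y') {
                                    connect-viserver -server $VCENTER
                                    tagset
                                    get-advancedsetting -entity $ESX -name "Syslog.global.logDir" | set-advancedsetting -value "[$LOGDIR] /" -confirm:$false
                                    get-advancedsetting -entity $ESX -name "Syslog.global.logDirUnique" | set-advancedsetting -value $true -confirm:$false
                                    # ${LOGHOST} must be delimited: "$LOGHOST:514" parses as the
                                    # variable "514" in a LOGHOST: namespace and expands to
                                    # nothing, leaving the host without a remote log target.
                                    # udp:// sends logs unencrypted and unauthenticated.
                                    get-advancedsetting -entity $ESX -name "Syslog.global.logHost" | set-advancedsetting -value "udp://${LOGHOST}:514" -confirm:$false
                                    disconnect-viserver -confirm:$false
                                }
                            }
                        } #2003322
                        default {
                            ''
                            'ERROR - cannot execute, this KB fix has not been implimented yet. Will be added in the near future.'
                            ''
                        } #default-csvfile
                    } #switch-CSVFILE
                }
            } #import
        } #csv
        default {
            ''
            'USAGE: skyline-fixer ARG VARIABLE'
            ' kblist'
            ' csv Finding.csv (fix | workaround)'
            ''
            createsource
        } #default
    } #switch-OPTIONX
} #function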