Zack Meier
60 lines
1.8 KiB
PowerShell
60 lines
1.8 KiB
PowerShell
|
|
<#
|
|
.SYNOPSIS
|
|
Checks VMware host lockdown mode status and creates incidents for disabled hosts.
|
|
|
|
.DESCRIPTION
|
|
Recurring PSU schedule task, ~8am.
|
|
|
|
This script connects to the ITD vCenter, retrieves all VMware hosts, and checks their lockdown mode status.
|
|
If lockdown mode is disabled on any hosts, it creates a ServiceNow incident for review.
|
|
|
|
.EXAMPLE
|
|
.\VMware-LockdownTickets.ps1
|
|
|
|
.NOTES
|
|
Requires VMware PowerCLI and ITD ServiceNow modules.
|
|
Service account credentials must be available via $PrvCred and $Secret:ndgov_svcitdvmvcro.
|
|
#>
|
|
[CmdletBinding()]
|
|
param (
|
|
|
|
)
|
|
|
|
begin {
|
|
|
|
}
|
|
|
|
process {
|
|
New-ITDServiceNowSession -Credential $Secret:snow_vmcred -Environment Production
|
|
Connect-ITDvCenter -Credential $Secret:ndgov_svcitdvmvcro
|
|
|
|
$AllVMHosts = Get-VMHost
|
|
$CurrentState = Get-ITDVMwareVMHostStatus -Name $AllVMHosts
|
|
$LockdownDisabled = $CurrentState | where-object lockdownmode -eq lockdowndisabled
|
|
|
|
If ($LockdownDisabled) {
|
|
|
|
ForEach ($VMHost in ($LockdownDisabled | Select -First 2)) {
|
|
Write-Verbose -Message "Start $($VMHost.Name) incident creation"
|
|
$NewIncidentParams = @{
|
|
CallerUsername = 'svcvmwareadm';
|
|
ShortDescription = ("Lockdown Mode is disabled on VMware host " + $VMHost.Name);
|
|
Description = ("Lockdown Mode is disabled on VMware host " + $VMHost.Name + ". Lockdown mode is a required for CIS hardening compliance 3.20 (L1)");
|
|
Impact = 3;
|
|
Urgency = 1;
|
|
Category = 'Cloud Platforms'
|
|
Subcategory = 'Virtualization'
|
|
AssignmentGroup = 'NDIT-Cloud Platforms'
|
|
}
|
|
New-ITDServiceNowIncident @NewIncidentParams
|
|
}
|
|
}
|
|
|
|
Disconnect-ITDvCenter
|
|
}
|
|
|
|
end {
|
|
|
|
}
|