Open-AudIT
http://www.open-audit.org/phpBB3/

[feature] audit/discovery by esx/vsphere host ( PowerCLI )
http://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=6279
Page 1 of 1

Author:  jimmylowell [ Mon Feb 24, 2014 4:40 am ]
Post subject:  [feature] audit/discovery by esx/vsphere host ( PowerCLI )

The need arose to audit all Windows guests in our VM infrastructure. I put together a little PowerCLI script that sends audit_windows_vm.vbs to VM and Invokes cscript via bat to run it.

Code:
##ESX based auditing using Open-AudIT's audit_windows.vbs

#vm_list.txt has one VM guest name per line - can give different lists for different creds using parameters
param(
   [string]$user='user',
   [string]$pass='pass',
   [string]$audit_windows_vm='C:\audit_vms\audit_windows_vm.vbs', #added _vm to distinguish method
   [string]$vm_list='C:\audit_vms\vm_list.txt" ,
   [string]$vm_dir='C:\' #directory script places audit_windows_vm.vbs on guest VM
   )
$audit_vms='C:\audit_vms' #more or less=working directory.
echo $vm_list
$vms = Get-Content $vm_list
Foreach( $vm in $vms )
{
Try
   {
   echo $vm
   $ErrorActionPreference = "Stop"; #Make all errors terminating - catches vm guest authentication
   Copy-VMGuestFile -Source "$audit_vms\audit_windows_vm.vbs" -Destination $vm_dir -VM $vm -LocalToGuest -GuestUser $user -GuestPassword $pass
   Invoke-VMScript -ScriptText "cscript $vm_dir\audit_windows_vm.vbs && exit" -VM $vm -GuestUser $user -GuestPassword $pass -ScriptType Bat
   $vm >> "$audit_vms\logs\success_list.log"
   "$vm was audited successfully"
   }
Catch
   {
   $vm >> "$audit_vms\logs\failed_list.log"
   $Error[0] >> "$audit_vms\logs\errors.log"
   "$vm audit error"
   }
Finally
   {
   echo 'Continuing to next VM'
   }
}
"End of script"

Author:  jimmylowell [ Mon Feb 24, 2014 5:08 am ]
Post subject:  Re: [feature] audit/discovery by esx/vsphere host ( PowerCLI

I was also looking into grabbing VM Host for each guest. Doesn't seem like xml created after audit contains the "Physical Host" value anywhere. Wouldn't really be able to edit the audit results from how I've set it up. Could that information be included in the audit_windows_vm.vbs somewhere, or maybe as a command line argument / parameter?

Mark, will get back to your email soon! : )

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/