Upload files to "VMware/vCheck/NSX"

2025-06-18 05:48:19 +00:00 · 2025-06-18 05:48:19 +00:00 · 135315fab0
parent 7fd1ad4e4e
commit 135315fab0
1 changed files with 90 additions and 0 deletions
--- a/VMware/vCheck/NSX/90
+++ b/VMware/vCheck/NSX/90
@ -0,0 +1,90 @@
+function Get-Appliedto-Any-Rule {
+    param (
+        $nsxtmanager,
+        $username,
+        [securestring]$securedValue,
+        $policyexclusions,
+        $ruleexclusions
+    )
+    
+
+    #SSL Check Ignore
+    add-type @"
+    using System.Net;
+    using System.Security.Cryptography.X509Certificates;
+    public class TrustAllCertsPolicy : ICertificatePolicy {
+        public bool CheckValidationResult(
+            ServicePoint srvPoint, X509Certificate certificate,
+            WebRequest request, int certificateProblem) {
+            return true;
+        }
+    }
+"@
+    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
+    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3, [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12
+
+    ###
+   
+    $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securedValue))
+    $userpass = $username + ":" + $password
+
+    $bytes = [System.Text.Encoding]::UTF8.GetBytes($userpass)
+    $encodedlogin = [Convert]::ToBase64String($bytes)
+    $authheader = "Basic " + $encodedlogin
+    $header = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
+    $header.Add("Authorization", $authheader)
+
+    #api request
+    #get excluded dFW List
+    $policies = Invoke-RestMethod -Uri "https://$nsxtmanager/policy/api/v1/infra/domains/default/security-policies" -Headers $header -Method 'GET'
+
+    $output = @()
+
+    foreach ($policy in $policies.results) {
+        if ($policy.id -notin $policyexclusions) {
+            $rules = Invoke-RestMethod -Uri "https://$nsxtmanager/policy/api/v1/infra/domains/default/security-policies/$($policy.id)/rules" -Headers $header -Method 'GET'
+            foreach($rule in $rules.results){
+                if ($rule.id -notin $ruleexclusions) {
+                    if ($rule.scope -like "ANY" -and $policy.scope -like "ANY") {
+                        $obj = "" | Select Policy,Rule,AppliedTo
+                        $obj.Policy = $policy.id
+                        $obj.Rule = $rule.id
+                        $obj.AppliedTo = $rule.scope
+                        $output += $obj
+                    }
+                }
+            }
+        }
+    }
+    return $output
+}
+
+##### 
+#var nsx-t
+$username = "admin"
+$nsxtmanager = "nsxsdbx04.hob.local"
+$credstore = "C:\Users\user\Downloads\vCheck-vSphere-6.25\nsxtcred.secure"
+
+#check if credentials exists
+if (Test-Path $credstore) {
+    $securedValue = Get-Content $credstore | ConvertTo-SecureString
+}else {
+    $securedValue = Read-Host "Enter password" -AsSecureString 
+    $securedValue | ConvertFrom-SecureString | Out-File $credstore
+}
+
+#####
+#var
+$policyexclusions = @("default-layer3-section", "default-layer2-section")
+#$ruleexclusions = @("global_test")
+
+Get-Appliedto-Any-Rule -nsxtmanager $nsxtmanager -username $username -securedValue $securedValue -policyexclusions $policyexclusions -ruleexclusions $ruleexclusions
+
+
+$Title = "90 NSX-T dFW Applied to Any Check"
+$Header = "90 NSX-T dFW Applied to Any Check"
+$Comments = "Following Policy/Rules are applied to ANY"
+$Display = "Table"
+$Author = "evoila GmbH"
+$PluginVersion = 1.0
+$PluginCategory = "vSphere"