From 135315fab0bb31b2f0947fb8296cbc598a1f6964 Mon Sep 17 00:00:00 2001
From: Timur
Date: Wed, 18 Jun 2025 05:48:19 +0000
Subject: [PATCH] Upload files to "VMware/vCheck/NSX"
---
 VMware/vCheck/NSX/90 NSX-T Applied to Any.ps1 | 90 +++++++++++++++++++
 1 file changed, 90 insertions(+)
 create mode 100644 VMware/vCheck/NSX/90 NSX-T Applied to Any.ps1
diff --git a/VMware/vCheck/NSX/90 NSX-T Applied to Any.ps1 b/VMware/vCheck/NSX/90 NSX-T Applied to Any.ps1
new file mode 100644
index 0000000..e303735
--- /dev/null
+++ b/VMware/vCheck/NSX/90 NSX-T Applied to Any.ps1
@@ -0,0 +1,90 @@
+function Get-Appliedto-Any-Rule {
+ param (
+ $nsxtmanager,
+ $username,
+ [securestring]$securedValue,
+ $policyexclusions,
+ $ruleexclusions
+ )
+
+
+ #SSL Check Ignore
+ add-type @"
+ using System.Net;
+ using System.Security.Cryptography.X509Certificates;
+ public class TrustAllCertsPolicy : ICertificatePolicy {
+ public bool CheckValidationResult(
+ ServicePoint srvPoint, X509Certificate certificate,
+ WebRequest request, int certificateProblem) {
+ return true;
+ }
+ }
+"@
+ [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
+ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3, [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12
+
+ ###
+
+ $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securedValue))
+ $userpass = $username + ":" + $password
+
+ $bytes = [System.Text.Encoding]::UTF8.GetBytes($userpass)
+ $encodedlogin = [Convert]::ToBase64String($bytes)
+ $authheader = "Basic " + $encodedlogin
+ $header = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
+ $header.Add("Authorization", $authheader)
+
+ #api request
+ #get excluded dFW List
+ $policies = Invoke-RestMethod -Uri "https://$nsxtmanager/policy/api/v1/infra/domains/default/security-policies" -Headers $header -Method 'GET'
+
+ $output = @()
+
+ foreach ($policy in $policies.results) {
+ if ($policy.id -notin $policyexclusions) {
+ $rules = Invoke-RestMethod -Uri "https://$nsxtmanager/policy/api/v1/infra/domains/default/security-policies/$($policy.id)/rules" -Headers $header -Method 'GET'
+ foreach($rule in $rules.results){
+ if ($rule.id -notin $ruleexclusions) {
+ if ($rule.scope -like "ANY" -and $policy.scope -like "ANY") {
+ $obj = "" | Select Policy,Rule,AppliedTo
+ $obj.Policy = $policy.id
+ $obj.Rule = $rule.id
+ $obj.AppliedTo = $rule.scope
+ $output += $obj
+ }
+ }
+ }
+ }
+ }
+ return $output
+}
+
+#####
+#var nsx-t
+$username = "admin"
+$nsxtmanager = "nsxsdbx04.hob.local"
+$credstore = "C:\Users\user\Downloads\vCheck-vSphere-6.25\nsxtcred.secure"
+
+#check if credentials exists
+if (Test-Path $credstore) {
+ $securedValue = Get-Content $credstore | ConvertTo-SecureString
+}else {
+ $securedValue = Read-Host "Enter password" -AsSecureString
+ $securedValue | ConvertFrom-SecureString | Out-File $credstore
+}
+
+#####
+#var
+$policyexclusions = @("default-layer3-section", "default-layer2-section")
+#$ruleexclusions = @("global_test")
+
+Get-Appliedto-Any-Rule -nsxtmanager $nsxtmanager -username $username -securedValue $securedValue -policyexclusions $policyexclusions -ruleexclusions $ruleexclusions
+
+
+$Title = "90 NSX-T dFW Applied to Any Check"
+$Header = "90 NSX-T dFW Applied to Any Check"
+$Comments = "Following Policy/Rules are applied to ANY"
+$Display = "Table"
+$Author = "evoila GmbH"
+$PluginVersion = 1.0
+$PluginCategory = "vSphere"
\ No newline at end of file
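Review bot: The `TrustAllCertsPolicy` block at the top of `Get-Appliedto-Any-Rule` accepts any server certificate, and the next line also enables SSL 3.0, TLS 1.0 and TLS 1.1, so the `Authorization: Basic` header carrying the NSX-T admin password is sent to whichever host answers for `$nsxtmanager` without its identity being checked. Remove the `add-type` / `CertificatePolicy` lines, trust the manager's issuing CA on the machine that runs the check, and restrict the protocol with `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12`. Both settings are static properties of `ServicePointManager`, so they presumably stay in force for every later request in the same session, not only this plugin's calls. Separately, the BSTR returned by `SecureStringToBSTR` is never released; keep the pointer in a variable and call `[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)` in a `finally` once the header has been built.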