90 lines
3.2 KiB
PowerShell
90 lines
3.2 KiB
PowerShell
function Get-Appliedto-Any-Rule {
|
|
param (
|
|
$nsxtmanager,
|
|
$username,
|
|
[securestring]$securedValue,
|
|
$policyexclusions,
|
|
$ruleexclusions
|
|
)
|
|
|
|
|
|
#SSL Check Ignore
|
|
add-type @"
|
|
using System.Net;
|
|
using System.Security.Cryptography.X509Certificates;
|
|
public class TrustAllCertsPolicy : ICertificatePolicy {
|
|
public bool CheckValidationResult(
|
|
ServicePoint srvPoint, X509Certificate certificate,
|
|
WebRequest request, int certificateProblem) {
|
|
return true;
|
|
}
|
|
}
|
|
"@
|
|
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
|
|
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Ssl3, [Net.SecurityProtocolType]::Tls, [Net.SecurityProtocolType]::Tls11, [Net.SecurityProtocolType]::Tls12
|
|
|
|
###
|
|
|
|
$password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($securedValue))
|
|
$userpass = $username + ":" + $password
|
|
|
|
$bytes = [System.Text.Encoding]::UTF8.GetBytes($userpass)
|
|
$encodedlogin = [Convert]::ToBase64String($bytes)
|
|
$authheader = "Basic " + $encodedlogin
|
|
$header = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
|
|
$header.Add("Authorization", $authheader)
|
|
|
|
#api request
|
|
#get excluded dFW List
|
|
$policies = Invoke-RestMethod -Uri "https://$nsxtmanager/policy/api/v1/infra/domains/default/security-policies" -Headers $header -Method 'GET'
|
|
|
|
$output = @()
|
|
|
|
foreach ($policy in $policies.results) {
|
|
if ($policy.id -notin $policyexclusions) {
|
|
$rules = Invoke-RestMethod -Uri "https://$nsxtmanager/policy/api/v1/infra/domains/default/security-policies/$($policy.id)/rules" -Headers $header -Method 'GET'
|
|
foreach($rule in $rules.results){
|
|
if ($rule.id -notin $ruleexclusions) {
|
|
if ($rule.scope -like "ANY" -and $policy.scope -like "ANY") {
|
|
$obj = "" | Select Policy,Rule,AppliedTo
|
|
$obj.Policy = $policy.id
|
|
$obj.Rule = $rule.id
|
|
$obj.AppliedTo = $rule.scope
|
|
$output += $obj
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return $output
|
|
}
|
|
|
|
#####
|
|
#var nsx-t
|
|
$username = "admin"
|
|
$nsxtmanager = "nsxsdbx04.hob.local"
|
|
$credstore = "C:\Users\user\Downloads\vCheck-vSphere-6.25\nsxtcred.secure"
|
|
|
|
#check if credentials exists
|
|
if (Test-Path $credstore) {
|
|
$securedValue = Get-Content $credstore | ConvertTo-SecureString
|
|
}else {
|
|
$securedValue = Read-Host "Enter password" -AsSecureString
|
|
$securedValue | ConvertFrom-SecureString | Out-File $credstore
|
|
}
|
|
|
|
#####
|
|
#var
|
|
$policyexclusions = @("default-layer3-section", "default-layer2-section")
|
|
#$ruleexclusions = @("global_test")
|
|
|
|
Get-Appliedto-Any-Rule -nsxtmanager $nsxtmanager -username $username -securedValue $securedValue -policyexclusions $policyexclusions -ruleexclusions $ruleexclusions
|
|
|
|
|
|
$Title = "90 NSX-T dFW Applied to Any Check"
|
|
$Header = "90 NSX-T dFW Applied to Any Check"
|
|
$Comments = "Following Policy/Rules are applied to ANY"
|
|
$Display = "Table"
|
|
$Author = "evoila GmbH"
|
|
$PluginVersion = 1.0
|
|
$PluginCategory = "vSphere" |