Automate CIS baseline remediations - SSH Logon Banner & Watchdog Service policy

So recently we went through a CIS audit. We use the vROps (now VCF Ops) compliance module to audit our environment.

Some of the items that we are remediating include turning on some simple items, like adding an SSH connection banner, and updating the watchdog service policies.

I wrote a couple of PowerCLI scripts to accomplish this. Feel free to use them.

What this covers

  • Sets a compliant SSH logon banner on ESXi hosts
  • Updates ESXi watchdog service policies per CIS baseline

Usage

Download the ZIP(s) below and review the README or inline comments before running in your environment.

Tip: run against a test cluster first, then expand in batches. Take a quick config backup or snapshot of affected settings where possible.
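
For reference, a sketch of the audit-then-remediate pattern from the tip above, applied to the SSH banner only. This is an added example, not the contents of the ZIP downloads. It assumes PowerCLI is installed and `Connect-VIServer` has already been run; the cluster name, banner text and backup path are placeholders.

```powershell
# Added example (not the author's script). Audits the SSH banner on one cluster,
# saves the current values to CSV, and only changes hosts when -Remediate is given.
param(
    [string]$ClusterName = 'Test-Cluster',                      # placeholder
    [string]$BannerText  = 'Authorized users only. Activity may be monitored.',  # placeholder
    [string]$BackupPath  = '.\ssh-banner-backup.csv',           # placeholder
    [switch]$Remediate
)

# ESXi advanced setting that holds the SSH login banner (contents of /etc/issue).
$settingName = 'Config.Etc.issue'

$report = foreach ($vmhost in (Get-Cluster -Name $ClusterName | Get-VMHost)) {
    # Skip hosts that cannot be queried instead of failing the whole batch.
    if ($vmhost.ConnectionState -notin 'Connected', 'Maintenance') {
        Write-Warning "Skipping $($vmhost.Name): state is $($vmhost.ConnectionState)"
        continue
    }
    $adv     = Get-AdvancedSetting -Entity $vmhost -Name $settingName
    $current = "$($adv.Value)".Trim()
    [pscustomobject]@{
        Host      = $vmhost.Name
        Current   = $current
        Compliant = ($current -eq $BannerText.Trim())
    }
}

# Backup of the pre-change values, so a host can be restored to what it had.
$report | Export-Csv -Path $BackupPath -NoTypeInformation

if ($Remediate) {
    foreach ($row in ($report | Where-Object { -not $_.Compliant })) {
        Get-AdvancedSetting -Entity (Get-VMHost -Name $row.Host) -Name $settingName |
            Set-AdvancedSetting -Value $BannerText -Confirm:$false | Out-Null
        Write-Host "Banner updated on $($row.Host)"
    }
}

$report | Format-Table Host, Compliant -AutoSize
```

Run it without `-Remediate` first to get the compliance report and the CSV backup, then rerun with `-Remediate` one cluster at a time.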