Last month I was working on a security hardening project and implemented it as per the standard recommended by VMware.
We had to show our internal security team that the entire vSphere environment is protected as per the VMware recommendations, so we built a small web portal that calls a PowerCLI script in the background to validate the hosts and report the result.
The script validates the settings below and reports the results:
ESXi.config-ntp and service status
ESXi.config-persistent-logs
ESXi.enable-ad-auth
ESXi.set-account-auto-unlock-time
ESXi.set-shell-interactive-timeout
ESXi.set-shell-timeout
DNS IP check
DNS firewall rule allowing only the corresponding IP for UDP/TCP.
The result shows the status of each task. If the host is fully protected, it is reported as fully protected; otherwise the result shows which tasks are not as per the standard. If only one or two tasks are not up to the standard, those tasks are shown as needing a change and the rest are shown as 1, which means they are protected as per the recommendation.
As mentioned, a result of 1 is good; if all the conditions are 1, the overall result is considered true and the host is fully protected.
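The 1-per-check scoring described above can be sketched as follows. This is an added example, not the script offered for download. The function name, the field names of the host record, the sample values and the thresholds (900 seconds, the datastore test for the log directory) are assumptions to be replaced with your own baseline.

```powershell
# Assumed baseline; adjust to the standard you are validating against.
$Baseline = @{
    MaxShellTimeout = 900                            # seconds (assumed limit)
    UnlockTime      = 900                            # seconds (assumed value)
    DnsServers      = @('192.0.2.10', '192.0.2.11')  # constructed addresses
}

# Hypothetical helper: scores one host record, 1 = meets the standard, 0 = needs a change.
function Test-HostHardening {
    param([hashtable]$H, [hashtable]$B)
    $checks = [ordered]@{
        'ESXi.config-ntp and service status' = (($H.NtpServers.Count -gt 0) -and $H.NtpdRunning)
        # Assumption: a log directory on a named datastore counts as persistent.
        'ESXi.config-persistent-logs'        = ($H.LogDir -match '^\[.+\]')
        'ESXi.enable-ad-auth'                = ([bool]$H.Domain)
        'ESXi.set-account-auto-unlock-time'  = ($H.UnlockTime -eq $B.UnlockTime)
        'ESXi.set-shell-interactive-timeout' = (($H.ShellInteractiveTimeout -gt 0) -and
                                                ($H.ShellInteractiveTimeout -le $B.MaxShellTimeout))
        'ESXi.set-shell-timeout'             = (($H.ShellTimeout -gt 0) -and
                                                ($H.ShellTimeout -le $B.MaxShellTimeout))
        'DNS IP check'                       = (-not (Compare-Object $H.DnsServers $B.DnsServers))
        'DNS firewall allowed IPs'           = (-not (Compare-Object $H.DnsFirewallAllowedIPs $B.DnsServers))
    }
    $scores = [ordered]@{}
    foreach ($k in $checks.Keys) { $scores[$k] = [int][bool]$checks[$k] }
    $failed = @($scores.Keys | Where-Object { $scores[$_] -ne 1 })
    [pscustomobject]@{ Scores = $scores; Failed = $failed; FullyProtected = ($failed.Count -eq 0) }
}

# Constructed host record. On a live host these fields would come from PowerCLI cmdlets such as
# Get-AdvancedSetting, Get-VMHostNtpServer, Get-VMHostService, Get-VMHostAuthentication
# and Get-VMHostNetwork.
$esx = @{
    NtpServers = @('192.0.2.20'); NtpdRunning = $true
    LogDir = '[] /scratch/log'            # not on a named datastore, fails the check
    Domain = 'corp.example'
    UnlockTime = 900
    ShellInteractiveTimeout = 900
    ShellTimeout = 0                      # 0 disables the timeout, fails the check
    DnsServers = @('192.0.2.10', '192.0.2.11')
    DnsFirewallAllowedIPs = @('192.0.2.10', '192.0.2.11')
}

$r = Test-HostHardening -H $esx -B $Baseline
$r.Scores
if ($r.FullyProtected) { 'Fully protected' } else { "Needs change: $($r.Failed -join ', ')" }
```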
Please download the script from the link below.