[ PIM policy batch apply to multi-servers on windows ]
# ===============================================
# CA ControlMinder Rules Apply Script #
# ===============================================
#
# Title : CA ControlMinder Rules Apply Script
# Modified Date : 2015.12.29
# Modified By : Jong-Pil Jung
# -----------------------------------------------
# Windows PowerShell execution policy Check
# PS> get-executionpolicy
# Windows PowerShell execution policy Set (Execute permission change)
# PS> set-executionpolicy remotesigned
# -----------------------------------------------
# To extract today
#$today = Get-Date -format yyMMdd
$today = Get-Date -format yyyyMMdd
# To extract now
$chktm = Get-Date -format HHmm
# ---------- The beginnig part to be changed ---------- #
# Work directory
$work_dir = "c:\seos_work"
# Target Lists
$lstarget = "$work_dir\rule.target"
# Rules File
$rulefile = "$work_dir\rule.script"
$inp_file = "$work_dir\rule.input"
# Log directory/file
$log_dir = "$work_dir"
$logfile = "rule.log"
$now_log = "$log_dir\$logfile" + "_$today" + "$chktm"
$sum_cnt = 0
$suc_cnt = 0
$err_cnt = 0
$err_lst = "-"
$out_dir = "$work_dir\out"
if ( -not (Test-Path $out_dir) ) { new-item $out_dir -Type Directory | Out-Null }
# ---------- The ending part to be changed ---------- #
# The begin of applying rules to endpoints
# The Begin of Logging Time
$logtime = Get-Date -format HH:mm:ss
Add-Content $now_log "============================"
Add-Content $now_log "[$logtime] The Starting Time"
Add-Content $now_log "============================"
$targets = get-content -path $lstarget | where { $_ -notmatch "^#" }
foreach($target in $targets)
{
$host_ip = $target.split(",")[0];
# $host_nm = $target.split(",")[1];
# $host_os = $target.split(",")[2];
# CMAgent Status Check
$outfile = "$out_dir\$host_ip.out"
selang -s -c "host $host_ip" -o $outfile
$ok_cnt = get-content $outfile | findstr "Successfully connected" | Measure-Object | %{$_.Count}
# in case agent is up
if ($ok_cnt -eq 1)
{
# Using cmd to remove BOM character (ERROR: 0xEF unexpected character when using "selang -f")
cmd /c "echo host $host_ip > $inp_file"
cmd /c "type $rulefile >> $inp_file"
cmd /c "selang -s -f $inp_file >> $now_log"
$suc_cnt = $suc_cnt + 1;
#if (Test-Path $inp_file) { remove-item -path $inp_file -force | Out-Null }
}
else
{
Add-Content $now_log "($host_ip) Down`n"
$err_cnt = $err_cnt + 1;
$err_lst = "$err_lst $host_ip";
}
$sum_cnt = $sum_cnt + 1;
#if (Test-Path $outfile) { remove-item -path $outfile -force | Out-Null }
}
# The end of applying rules to endpoints
Add-Content $now_log "[Total: $sum_cnt, Success: $suc_cnt, failure: $err_cnt]"
Add-Content $now_log "Failure Hosts: $err_lst"
$logtime = Get-Date -format HH:mm:ss
Add-Content $now_log "============================"
Add-Content $now_log "[$logtime] The Ending Time"
Add-Content $now_log "============================"
# The End of Logging Time
# Removal of logging cm rules over 30 days
$DaysToDelete = (Get-Date).AddDays(-30)
Get-ChildItem -Path $log_dir\* -Include "$logfile_" | Where-Object {$_.LastWriteTime -lt $DaysToDelete} | Remove-Item
cu secadm
er terminal 10.10.10.30 owner(nobody) defacc(none) warning
auth terminal 10.10.10.30 id(root) acc(all)
[ rule.target file sample ]
# Exclude if first character is '#'
# Host_IP(Host_NM)
dc01
dc02
#dc03
No comments:
Post a Comment