Add recommendations to host tests.

Vester/Tests/Host/Account-Lockout.Vester.ps1

@@ -1,12 +1,17 @@
 # Test file for the Vester module - https://github.com/WahlNetwork/Vester
 # Called via Invoke-Pester VesterTemplate.Tests.ps1
+# vSphere 6.0 Hardening Guide Guideline ID - ESXi.set-account-lockout
 
 # Test title, e.g. 'DNS Servers'
 $Title = 'Account Lock Failures'
 
 # Test description: How New-VesterConfig explains this value to the user
 $Description = '0 (off) or maximum number of failed logon attempts before the account is locked out'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 3
+
 # The config entry stating the desired values
 $Desired = $cfg.host.accountlockfailures
 
@@ -17,14 +22,14 @@ $Type = 'int'
 # $Object will scope to the folder this test is in (Cluster, Host, etc.)
 [ScriptBlock]$Actual = {
     (Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-        $_.Name -eq 'Security.AccountLockFailures'
-    }).Value
+            $_.Name -eq 'Security.AccountLockFailures'
+        }).Value
 }
 
 # The command(s) to match the environment to the config
 # Use $Object to help filter, and $Desired to set the correct value
 [ScriptBlock]$Fix = {
     Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-            $_.Name -eq 'Security.AccountLockFailures'
-        } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
+        $_.Name -eq 'Security.AccountLockFailures'
+    } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
 }

Vester/Tests/Host/Account-UnlockTime.Vester.ps1

@@ -1,12 +1,17 @@
 # Test file for the Vester module - https://github.com/WahlNetwork/Vester
 # Called via Invoke-Pester VesterTemplate.Tests.ps1
+# vSphere 6.0 Hardening Guide Guideline ID - ESXi.set-account-auto-unlock-time
 
 # Test title, e.g. 'DNS Servers'
 $Title = 'Account Unlock Time'
 
 # Test description: How New-VesterConfig explains this value to the user
 $Description = '0 (off) or number of seconds that an account is locked out'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 900
+
 # The config entry stating the desired values
 $Desired = $cfg.host.accountunlocktime
 
@@ -17,14 +22,14 @@ $Type = 'int'
 # $Object will scope to the folder this test is in (Cluster, Host, etc.)
 [ScriptBlock]$Actual = {
     (Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-        $_.Name -eq 'Security.AccountUnlockTime'
-    }).Value
+            $_.Name -eq 'Security.AccountUnlockTime'
+        }).Value
 }
 
 # The command(s) to match the environment to the config
 # Use $Object to help filter, and $Desired to set the correct value
 [ScriptBlock]$Fix = {
     Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-            $_.Name -eq 'Security.AccountUnlockTime'
-        } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
+        $_.Name -eq 'Security.AccountUnlockTime'
+    } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
 }

Vester/Tests/Host/BDPU-Filter.Vester.ps1

@@ -8,6 +8,10 @@ $Title = 'Network BDPU Filter'
 # Test description: How New-VesterConfig explains this value to the user
 $Description = '0 (disable) or 1 (enable) to control the BDPU filter on the ESXi host'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 1
+
 # The config entry stating the desired values
 $Desired = $cfg.host.networkbdpufilter
 
@@ -18,14 +22,14 @@ $Type = 'int'
 # $Object will scope to the folder this test is in (Cluster, Host, etc.)
 [ScriptBlock]$Actual = {
     (Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-        $_.Name -eq 'Net.BlockGuestBPDU'
-    }).Value
+            $_.Name -eq 'Net.BlockGuestBPDU'
+        }).Value
 }
 
 # The command(s) to match the environment to the config
 # Use $Object to help filter, and $Desired to set the correct value
 [ScriptBlock]$Fix = {
     Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-            $_.Name -eq 'Net.BlockGuestBPDU'
-        } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
+        $_.Name -eq 'Net.BlockGuestBPDU'
+    } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
 }

Vester/Tests/Host/DCUI-Access.Vester.ps1

@@ -1,12 +1,17 @@
 # Test file for the Vester module - https://github.com/WahlNetwork/Vester
 # Called via Invoke-Pester VesterTemplate.Tests.ps1
+# vSphere 6.0 Hardening Guide Guideline ID - ESXi.set-dcui-access
 
 # Test title, e.g. 'DNS Servers'
 $Title = 'DCUI Access'
 
 # Test description: How New-VesterConfig explains this value to the user
 $Description = 'Comma separated list of users with DCUI access'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 'List of authorized users'
+
 # The config entry stating the desired values
 $Desired = $cfg.host.dcuiaccess
 
@@ -17,14 +22,14 @@ $Type = 'string[]'
 # $Object will scope to the folder this test is in (Cluster, Host, etc.)
 [ScriptBlock]$Actual = {
     (Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-        $_.Name -eq 'DCUI.Access'
-    }).Value
+            $_.Name -eq 'DCUI.Access'
+        }).Value
 }
 
 # The command(s) to match the environment to the config
 # Use $Object to help filter, and $Desired to set the correct value
 [ScriptBlock]$Fix = {
     Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-            $_.Name -eq 'DCUI.Access'
-        } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
+        $_.Name -eq 'DCUI.Access'
+    } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
 }

Vester/Tests/Host/DCUI-Timeout.Vester.ps1

@@ -1,12 +1,17 @@
 # Test file for the Vester module - https://github.com/WahlNetwork/Vester
 # Called via Invoke-Pester VesterTemplate.Tests.ps1
+# vSphere 6.0 Hardening Guide Guideline ID - ESXi.set-dcui-timeout
 
 # Test title, e.g. 'DNS Servers'
 $Title = 'DCUI Timeout'
 
 # Test description: How New-VesterConfig explains this value to the user
 $Description = '0 (off) number of seconds before the DCUI timeout occurs'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 600
+
 # The config entry stating the desired values
 $Desired = $cfg.host.dcuitimeout
 
@@ -17,14 +22,14 @@ $Type = 'int'
 # $Object will scope to the folder this test is in (Cluster, Host, etc.)
 [ScriptBlock]$Actual = {
     (Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-        $_.Name -eq 'UserVars.DcuiTimeOut'
-    }).Value
+            $_.Name -eq 'UserVars.DcuiTimeOut'
+        }).Value
 }
 
 # The command(s) to match the environment to the config
 # Use $Object to help filter, and $Desired to set the correct value
 [ScriptBlock]$Fix = {
     Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-            $_.Name -eq 'UserVars.DcuiTimeOut'
-        } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
+        $_.Name -eq 'UserVars.DcuiTimeOut'
+    } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
 }

Vester/Tests/Host/Password-Policy.Vester.ps1

@@ -8,6 +8,10 @@ $Title = 'Password Policy'
 # Test description: How New-VesterConfig explains this value to the user
 $Description = 'pam_passwdqc Password Policy. Default = retry=3 min=disabled,disabled,disabled,7,7'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 'Site Specific'
+
 # The config entry stating the desired values
 $Desired = $cfg.host.passwordpolicy
 
@@ -18,14 +22,14 @@ $Type = 'string'
 # $Object will scope to the folder this test is in (Cluster, Host, etc.)
 [ScriptBlock]$Actual = {
     (Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-        $_.Name -eq 'Security.PasswordQualityControl'
-    }).Value
+            $_.Name -eq 'Security.PasswordQualityControl'
+        }).Value
 }
 
 # The command(s) to match the environment to the config
 # Use $Object to help filter, and $Desired to set the correct value
 [ScriptBlock]$Fix = {
     Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-            $_.Name -eq 'Security.PasswordQualityControl'
-        } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
+        $_.Name -eq 'Security.PasswordQualityControl'
+    } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
 }

Vester/Tests/Host/SSH-InteractiveTimeout.Vester.ps1

@@ -1,12 +1,17 @@
 # Test file for the Vester module - https://github.com/WahlNetwork/Vester
 # Called via Invoke-Pester VesterTemplate.Tests.ps1
+# vSphere 6.0 Hardening Guide Guideline ID - ESXi.set-shell-interactive-timeout
 
 # Test title, e.g. 'DNS Servers'
 $Title = 'SSH Interactive Timeout'
 
 # Test description: How New-VesterConfig explains this value to the user
 $Description = 'Maximum idle time permitted in an SSH session'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 900
+
 # The config entry stating the desired values
 $Desired = $cfg.host.sshinteractivetimeout
 
@@ -17,14 +22,14 @@ $Type = 'int'
 # $Object will scope to the folder this test is in (Cluster, Host, etc.)
 [ScriptBlock]$Actual = {
     (Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-        $_.Name -eq 'UserVars.ESXIShellInteractiveTimeout'
-    }).Value
+            $_.Name -eq 'UserVars.ESXIShellInteractiveTimeout'
+        }).Value
 }
 
 # The command(s) to match the environment to the config
 # Use $Object to help filter, and $Desired to set the correct value
 [ScriptBlock]$Fix = {
     Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-            $_.Name -eq 'UserVars.ESXIShellInteractiveTimeout'
-        } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
+        $_.Name -eq 'UserVars.ESXIShellInteractiveTimeout'
+    } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
 }

Vester/Tests/Host/SSH-Timeout.Vester.ps1

@@ -1,12 +1,17 @@
 # Test file for the Vester module - https://github.com/WahlNetwork/Vester
 # Called via Invoke-Pester VesterTemplate.Tests.ps1
+# vSphere 6.0 Hardening Guide Guideline ID - ESXi.set-shell-timeout
 
 # Test title, e.g. 'DNS Servers'
 $Title = 'SSH Timeout'
 
 # Test description: How New-VesterConfig explains this value to the user
 $Description = 'After being enabled, SSH access disables again after this long'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 900
+
 # The config entry stating the desired values
 $Desired = $cfg.host.sshtimeout
 
@@ -17,14 +22,14 @@ $Type = 'int'
 # $Object will scope to the folder this test is in (Cluster, Host, etc.)
 [ScriptBlock]$Actual = {
     (Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-        $_.Name -eq 'UserVars.ESXIShellTimeout'
-    }).Value
+            $_.Name -eq 'UserVars.ESXIShellTimeout'
+        }).Value
 }
 
 # The command(s) to match the environment to the config
 # Use $Object to help filter, and $Desired to set the correct value
 [ScriptBlock]$Fix = {
     Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-            $_.Name -eq 'UserVars.ESXIShellTimeout'
-        } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
+        $_.Name -eq 'UserVars.ESXIShellTimeout'
+    } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
 }

Vester/Tests/Host/Syslog-Server.Vester.ps1

@@ -1,12 +1,17 @@
 # Test file for the Vester module - https://github.com/WahlNetwork/Vester
 # Called via Invoke-Pester VesterTemplate.Tests.ps1
+# vSphere 6.0 Hardening Guide Guideline ID - ESXi.enable-remote-syslog
 
 # Test title, e.g. 'DNS Servers'
 $Title = 'Syslog Server'
 
 # Test description: How New-VesterConfig explains this value to the user
 $Description = 'Syslog server(s) to send log data to'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 'Site Specific'
+
 # The config entry stating the desired values
 $Desired = $cfg.host.esxsyslog
 

Vester/Tests/Host/TPS-ForceSalting.Vester.ps1

@@ -8,6 +8,10 @@ $Title = 'Transparent Page Share Force Salting'
 # Test description: How New-VesterConfig explains this value to the user
 $Description = '0 (TPS enabled) 1 (TPS enabled for VMs with same salt) 2 (No inter-VM TPS)'
 
+# Test recommendation: Follows VMware's Best Practices, Hardening Guides where applicable, or Default Values
+# Called by Get-VesterTest
+$Recommendation = 2
+
 # The config entry stating the desired values
 $Desired = $cfg.host.tpsforcesalting
 
@@ -18,14 +22,14 @@ $Type = 'int'
 # $Object will scope to the folder this test is in (Cluster, Host, etc.)
 [ScriptBlock]$Actual = {
     (Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-        $_.Name -eq 'Mem.ShareForceSalting'
-    }).Value
+            $_.Name -eq 'Mem.ShareForceSalting'
+        }).Value
 }
 
 # The command(s) to match the environment to the config
 # Use $Object to help filter, and $Desired to set the correct value
 [ScriptBlock]$Fix = {
     Get-AdvancedSetting -Entity $Object | Where-Object -FilterScript {
-            $_.Name -eq 'Mem.ShareForceSalting'
-        } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
+        $_.Name -eq 'Mem.ShareForceSalting'
+    } | Set-AdvancedSetting -Value $Desired -Confirm:$false -ErrorAction Stop
 }