Skip to content

Commit

Permalink
Merge pull request AsBuiltReport#140 from rebelinux/dev
Browse files Browse the repository at this point in the history 
v0.8.5
  • Loading branch information
@rebelinux
rebelinux committed Jan 30, 2024
2 parents 011fb85 + d2bd6a9 commit 609a94a
Show file tree
Hide file tree
Showing 6 changed files with 175 additions and 6 deletions.
13 changes: 11 additions & 2 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,23 @@

## [0.8.5] - 2024-01-25

### Added

- Added Option => History section
- Improved Role & Users section
- Added Global MFA settings
- Added Auto logoff on inactivity setting
- Added Four-eye Authorization setting
- Added HealthCheck conditions

### Changed

- Removed Graphviz install check code.

### Fixed

- Improved error handling on Diagram section.
- Fixed issue with Veeam.Diagrammer module.
- Improved error handling on the Diagram section.
- Fixed issue with the Veeam.Diagrammer module.

## [0.8.4] - 2024-01-16

Expand Down
4 changes: 2 additions & 2 deletions Src/Private/Get-AbrVbrBackupProxy.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -449,7 +449,7 @@ function Get-AbrVbrBackupProxy {
}
if ($Graph) {
Section -Style Heading3 "VMware Backup Proxy Diagram." {
Image -Base64 $Graph -Text "VMware Backup Proxy Diagram" -Percent 20 -Align Center
Image -Base64 $Graph -Text "VMware Backup Proxy Diagram" -Percent (Get-ImagePercent -Graph $Graph) -Align Center
Paragraph "Image preview: Opens the image in a new tab to view it at full resolution." -Tabs 2
}
BlankLine
Expand Down Expand Up @@ -891,7 +891,7 @@ function Get-AbrVbrBackupProxy {
}
if ($Graph) {
Section -Style Heading3 "HyperV Backup Proxy Diagram." {
Image -Base64 $Graph -Text "HyperV Backup Proxy Diagram" -Percent 20 -Align Center
Image -Base64 $Graph -Text "HyperV Backup Proxy Diagram" -Percent (Get-ImagePercent -Graph $Graph) -Align Center
Paragraph "Image preview: Opens the image in a new tab to view it at full resolution." -Tabs 2
}
BlankLine
Expand Down
57 changes: 57 additions & 0 deletions Src/Private/Get-AbrVbrHistorySetting.ps1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@

function Get-AbrVbrHistorySetting {
<#
.SYNOPSIS
Used by As Built Report to returns Email Notification settings configured on Veeam Backup & Replication..
.DESCRIPTION
Documents the configuration of Veeam VBR in Word/HTML/Text formats using PScribo.
.NOTES
Version: 0.8.5
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Credits: Iain Brighton (@iainbrighton) - PScribo module
.LINK
https://github.com/AsBuiltReport/AsBuiltReport.Veeam.VBR
#>
[CmdletBinding()]
param (

)

begin {
Write-PscriboMessage "Discovering Veeam VBR History settings information from $System."
}

process {
try {
$HistorySettings = Get-VBRHistoryOptions
if ($HistorySettings) {
Section -Style Heading4 'History Retention' {
$OutObj = @()
$inObj = [ordered] @{
'Keep All Sessions' = ConvertTo-TextYN $HistorySettings.KeepAllSessions
'Retention Limit' = "$($HistorySettings.RetentionLimitWeeks) weeks"
}
$OutObj = [pscustomobject]$inobj

$TableParams = @{
Name = "History Settings - $VeeamBackupServer"
List = $true
ColumnWidths = 40, 60
}
if ($Report.ShowTableCaptions) {
$TableParams['Caption'] = "- $($TableParams.Name)"
}
$OutObj | Table @TableParams
}
}
}
catch {
Write-PscriboMessage -IsWarning "History Setting Section: $($_.Exception.Message)"
}
}
end {}

}
104 changes: 103 additions & 1 deletion Src/Private/Get-AbrVbrUserRoleAssignment.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ function Get-AbrVbrUserRoleAssignment {
.DESCRIPTION
Documents the configuration of Veeam VBR in Word/HTML/Text formats using PScribo.
.NOTES
Version: 0.7.1
Version: 0.8.5
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand Down Expand Up @@ -46,6 +46,10 @@ function Get-AbrVbrUserRoleAssignment {
Write-PscriboMessage -IsWarning "Roles and Users Table: $($_.Exception.Message)"
}

if ($HealthCheck.Infrastructure.Settings) {
$OutObj | Where-Object { $_.'Name' -eq 'BUILTIN\Administrators'} | Set-Style -Style Warning -Property 'Name'
}

$TableParams = @{
Name = "Roles and Users - $VeeamBackupServer"
List = $false
Expand All @@ -55,6 +59,104 @@ function Get-AbrVbrUserRoleAssignment {
$TableParams['Caption'] = "- $($TableParams.Name)"
}
$OutObj | Sort-Object -Property 'Name' | Table @TableParams
if ($HealthCheck.Infrastructure.BestPractice -and ($OutObj | Where-Object {$_.'Name' -eq 'BUILTIN\Administrators'})) {
Paragraph "Health Check:" -Bold -Underline
BlankLine
Paragraph "Security Best Practice:" -Bold
BlankLine
if ($OutObj | Where-Object { $_.'Name' -eq 'BUILTIN\Administrators' }) {
Paragraph {
Text "Veeam recommends to give every Veeam admin his own admin account or add their admin account to the appropriate security group within Veeam and to remove the default 'Veeam Backup Administrator' role from local Administrators group, for traceability and easy adding and removal"
}
BlankLine
Paragraph {
Text -Bold "Reference:"
}
BlankLine
Paragraph {
Text "https://bp.veeam.com/security/Design-and-implementation/Roles_And_Users.html#roles-and-users"
}
BlankLine
}
}
try {
Section -ExcludeFromTOC -Style NOTOCHeading4 'Roles and Users Settings' {
BlankLine
$OutObj = @()
try {
try {$MFAGlobalSetting = [Veeam.Backup.Core.SBackupOptions]::get_GlobalMFA()} catch {Out-Null}
try {$AutoTerminateSession = [Veeam.Backup.Core.SBackupOptions]::get_AutomaticallyTerminateSession()} catch {Out-Null}
try {$AutoTerminateSessionMin = [Veeam.Backup.Core.SBackupOptions]::get_AutomaticallyTerminateSessionTimeoutMinutes()} catch {Out-Null}
try {$UserActionNotification = [Veeam.Backup.Core.SBackupOptions]::get_UserActionNotification()} catch {Out-Null}
try {$UserActionRetention = [Veeam.Backup.Core.SBackupOptions]::get_UserActionRetention()} catch {Out-Null}
foreach ($RoleAssignment in $RoleAssignments) {
Write-PscriboMessage "Discovered Roles and Users Settings."
$inObj = [ordered] @{
'Is MFA globally enabled?' = ConvertTo-TextYN $MFAGlobalSetting
'Is auto logoff on inactivity enabled?' = ConvertTo-TextYN $AutoTerminateSession
'Auto logoff on inactivity after' = "$($AutoTerminateSessionMin) minutes"
'Is Four-eye Authorization enabled?' = ConvertTo-TextYN $UserActionNotification
'Auto reject pending approvals after' = "$($UserActionRetention) days"
}
$OutObj = [pscustomobject]$inobj
}
}
catch {
Write-PscriboMessage -IsWarning "Roles and Users Settings Table: $($_.Exception.Message)"
}

if ($HealthCheck.Infrastructure.Settings) {
$OutObj | Where-Object { $_.'Is MFA globally enabled?' -like 'No'} | Set-Style -Style Warning -Property 'Is MFA globally enabled?'
foreach ( $OBJ in ($OutObj | Where-Object { $_.'Is MFA globally enabled?' -eq 'No' })) {
$OBJ.'Is MFA globally enabled?' = "* " + $OBJ.'Is MFA globally enabled?'
}
$OutObj | Where-Object { $_.'Is auto logoff on inactivity enabled?' -like 'No'} | Set-Style -Style Warning -Property 'Is auto logoff on inactivity enabled?'
foreach ( $OBJ in ($OutObj | Where-Object { $_.'Is auto logoff on inactivity enabled?' -eq 'No' })) {
$OBJ.'Is auto logoff on inactivity enabled?' = "** " + $OBJ.'Is auto logoff on inactivity enabled?'
}
$OutObj | Where-Object { $_.'Is Four-eye Authorization enabled?' -like 'No'} | Set-Style -Style Warning -Property 'Is Four-eye Authorization enabled?'
foreach ( $OBJ in ($OutObj | Where-Object { $_.'Is Four-eye Authorization enabled?' -eq 'No' })) {
$OBJ.'Is Four-eye Authorization enabled?' = "*** " + $OBJ.'Is Four-eye Authorization enabled?'
}
}

$TableParams = @{
Name = "Roles and Users Settings - $VeeamBackupServer"
List = $True
ColumnWidths = 40, 60
}
if ($Report.ShowTableCaptions) {
$TableParams['Caption'] = "- $($TableParams.Name)"
}
$OutObj | Table @TableParams
if ($HealthCheck.Infrastructure.BestPractice -and ($OutObj | Where-Object { $_.'Is MFA globally enabled?' -eq '* No' -or $_.'Is auto logoff on inactivity enabled?' -eq '** No' -or $_.'Is Four-eye Authorization enabled?' -eq '*** No'})) {
Paragraph "Health Check:" -Bold -Underline
BlankLine
Paragraph "Security Best Practice:" -Bold
BlankLine
if ($OutObj | Where-Object { $_.'Is MFA globally enabled?' -eq '* No' }) {
Paragraph {
Text "* To ensure comprehensive security, it's crucial to implement MFA across all user accounts. By using a combination of different authentication factors like passwords, biometrics, and one-time passcodes, you create layers of security that make it harder for attackers to gain unauthorized access."
}
BlankLine
}
if ($OutObj | Where-Object { $_.'Is auto logoff on inactivity enabled?' -eq '** No' }) {
Paragraph {
Text "** Limiting the length of inactive sessions can help protect sensitive information and prevent unauthorized account access."
}
BlankLine
}
if ($OutObj | Where-Object { $_.'Is Four-eye Authorization enabled?' -eq '*** No' }) {
Paragraph {
Text "*** Veeam recommends configuring Four-eye Authorization to be able to protect against accidental deletion of backup and repositories by requiring an approval from another Backup Administrator."
}
}
}
}
}
catch {
Write-PscriboMessage -IsWarning "Roles and Users Settings Section: $($_.Exception.Message)"
}
}
}
catch {
Expand Down
2 changes: 1 addition & 1 deletion Src/Private/SharedUtilsFunctions.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,7 @@ function Get-ImagePercent {
If ($Image_FromStream.Width -gt 1500) {
return 10
} else {
return 20
return 30
}
} # end

Expand Down
1 change: 1 addition & 0 deletions Src/Public/Invoke-AsBuiltReport.Veeam.VBR.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ function Invoke-AsBuiltReport.Veeam.VBR {
Get-AbrVbrEventForwarding
}
Get-AbrVbrGlobalNotificationSetting
Get-AbrVbrHistorySetting
Get-AbrVbrIOControlSetting
Get-AbrVbrBackupServerCertificate
Get-AbrVbrNetworkTrafficRule
Expand Down

0 comments on commit 609a94a

Please sign in to comment.