Installation of Power-CLI for CIS-CAT Pro Assessment of VMWareESXI target.


Product Name

CIS-CAT Pro Assessor v4

Product Version

v4.0.20+

Date

Aug 13, 2020



 

Problem

How do I install the required modules to assess an ESXi target with CIS-CAT Assessor v4?

Check to see if the required modules are already installed on the CIS-CAT Assessor Host system. In this example they are not installed;

PS C:\Windows\system32> Get-Module -ListAvailable -Name VMware.PowerCLI | Select Version, Name | ConvertTo-Csv -NoTypeInformation PS C:\Windows\system32> PS C:\Windows\system32> Get-Module -ListAvailable -Name VMware.* | Select Version, Name | ConvertTo-Csv -NoTypeInformation PS C:\Windows\system32>

 

Install the PowerCLI module. Note in this example installation fails. If there is not a failure proceed to the last step in this document.

PS C:\Windows\system32> Install-Module -Name VMware.PowerCLI NuGet provider is required to continue PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or 'C:\Users\bob\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install and import the NuGet provider now? [Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): Y WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''. WARNING: Unable to download the list of available providers. Check your internet connection. PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider 'NuGet'. The package provider requires 'PackageManagement' and 'Provider' tags. Please check if the specified package has the tags. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7405 char:21 + ...     $null = PackageManagement\Install-PackageProvider -Name $script:N ... +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + CategoryInfo          : InvalidArgument: (Microsoft.Power...PackageProvider:InstallPackageProvider) [Install-PackageProvider], Exception     + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackageProvider -------SNIP

 

Please check this page for information on updating the Security Protocol which is the cause of the above failure to install PowerCLI. Some sample commands and output are provided below from a CIS test system.

Check of current security protocols;
PS C:\Windows\system32> [Net.ServicePointManager]::SecurityProtocol Ssl3, Tls PS C:\Windows\system32>

 

As per the link above, for this test system we ran this command to update the security protocols;

 

Restart PowerShell

 

List the updated security protocols;

 

Install the PowerCLI module

 

Check to make sure we have PowerCLI and VMware.VimAutomation.Core installed;

 

Copyright © 2020

Center for Internet Security®