Windows操作系統安全加固基線檢測腳本


 

 

一.背景信息

     在我們的安全運維工作中經常需要進行安全基線配置和檢查,所謂的安全基線配置就是系統的最基礎的安全配置,安全基線檢查涉及操作系統、中間件、數據庫、甚至是交換機等網絡基礎設備的檢查,面對如此繁多的檢查項,自動化的腳本可以幫助我們快速地完成基線檢查的任務,如下為基線檢測腳本具體的內容,供大家學習參考

 

二.基線檢測腳本

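<#
  Windows OS security-hardening baseline check script.

  What it does:
    1. exports the local security policy with `secedit /export` to a temporary
       file, parses it into a name -> value table and evaluates the account,
       password, lockout, user-right and audit settings against the baseline
       values below;
    2. reads a handful of registry values (time service, Run key, LSA, autorun,
       event-log sizes, screen saver) and evaluates them the same way;
    3. prints one `{'msg':[...]}` line per check to stdout and appends the bare
       message to jixian.txt in the current directory (the same output contract
       as the original script; jixian.txt grows across runs). $data.project
       additionally keeps a per-item "code" ("1" compliant / "0" not).

  Requirements / caveats:
    - run from an elevated PowerShell session: `secedit /export` needs
      administrator rights and the script stops if the export fails;
    - HKEY_CURRENT_USER checks describe the profile of the account running the
      script, which after UAC elevation may not be the user being audited;
    - the policy export is removed again in a finally block because it contains
      the complete local security policy.
#>
$PSDefaultParameterValues['Out-File:Encoding'] = 'utf8'
$data = @{ "project" = @() }

#region helpers

# Record one check result. Sets $data.code ("1" compliant / "0" not) exactly as
# the original did, and additionally stores the code on the item itself so the
# per-check verdict survives the next check overwriting $data.code.
function Add-Result {
    param(
        [Parameter(Mandatory)][string]$Message,
        [bool]$Compliant = $true
    )
    $code = if ($Compliant) { "1" } else { "0" }
    $script:data.code = $code
    $script:data['project'] += @{ "msg" = $Message; "code" = $code }
}

# Parse a secedit .inf export into a (case-insensitive) name -> value hashtable.
# Export lines look like `EnableGuestAccount = 0`, `NewGuestName = "Guest"`,
# `SeShutdownPrivilege = *S-1-5-32-544` or
# `MACHINE\...\AutoDisconnect=4,15`; keys and values are trimmed (and the
# surrounding quotes dropped) so callers compare against clean values instead
# of the trailing-space key names the original matched on.
function Read-SeceditExport {
    param([Parameter(Mandatory)][string]$Path)
    $table = @{}
    foreach ($line in (Get-Content -LiteralPath $Path)) {
        $eq = $line.IndexOf('=')
        if ($eq -lt 1) { continue }   # [section] headers, blank lines, comments
        $key = $line.Substring(0, $eq).Trim()
        $value = $line.Substring($eq + 1).Trim().Trim('"')
        $table[$key] = $value
    }
    return $table
}

# Return the value as [int], or $null when it is missing or not an integer, so
# "not configured" is reported as non-compliant instead of being compared
# lexically (the original compared strings, so "12" -ge "8" and "100" -le "90"
# both gave the wrong answer).
function ConvertTo-IntOrNull {
    param($Value)
    $parsed = 0
    if ($null -ne $Value -and [int]::TryParse(([string]$Value).Trim(), [ref]$parsed)) {
        return $parsed
    }
    return $null
}

# Evaluate one secedit policy entry. $Test receives the trimmed string value
# and returns $true when it meets the baseline; a key absent from the export
# is reported as non-compliant rather than silently skipped.
function Test-Policy {
    param(
        [Parameter(Mandatory)][hashtable]$Policy,
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Label,
        [Parameter(Mandatory)][scriptblock]$Test
    )
    $value = $Policy[$Key]
    $ok = ($null -ne $value) -and [bool](& $Test $value)
    $suffix = if ($ok) { "符合標准" } else { "不符合標准" }
    Add-Result -Message ($Label + $suffix) -Compliant $ok
}

# Read one registry value; returns $null when the key or the value does not
# exist. The original used -ErrorAction Stop, which aborted the whole run on
# the first missing value (NoDriveTypeAutoRun is often absent under HKCU).
function Get-RegistryValue {
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Name
    )
    $item = Get-ItemProperty -Path "Registry::$Key" -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# Evaluate one registry value the same way Test-Policy evaluates a policy entry.
function Test-RegistryPolicy {
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][string]$Label,
        [Parameter(Mandatory)][scriptblock]$Test
    )
    $value = Get-RegistryValue -Key $Key -Name $Name
    $ok = ($null -ne $value) -and [bool](& $Test $value)
    $suffix = if ($ok) { "符合標准" } else { "不符合標准" }
    Add-Result -Message ($Label + $suffix) -Compliant $ok
}

#endregion helpers

#region export the local security policy

# Unique temp path instead of config.cfg in the working directory: the export
# holds the full local policy and the original left it behind.
$cfgPath = Join-Path -Path $env:TEMP -ChildPath ("secpol_{0}.cfg" -f [guid]::NewGuid().ToString('N'))
try {
    # With /quiet secedit prints nothing useful; rely on the exit code and on
    # the file existing (it is not written when the caller is not elevated).
    secedit /export /cfg $cfgPath /quiet | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $cfgPath)) {
        throw "secedit /export failed (exit code $LASTEXITCODE); run this script from an elevated PowerShell session."
    }
    $policy = Read-SeceditExport -Path $cfgPath
}
finally {
    if (Test-Path -LiteralPath $cfgPath) {
        Remove-Item -LiteralPath $cfgPath -Force -ErrorAction SilentlyContinue
    }
}

#endregion

#region account, password and lockout policy (secedit [System Access])

# Guest account disabled: EnableGuestAccount = 0 means disabled. The original
# treated 1 (guest ENABLED) as compliant, which is inverted.
Test-Policy $policy 'EnableGuestAccount' 'guest賬戶停用策略' { param($v) $v -eq '0' }

# Guest account renamed: compliant only when the name is no longer "Guest".
# The export quotes this value (`NewGuestName = "Guest"`), which the original
# never stripped, and it also reported the unchanged name as compliant.
Test-Policy $policy 'NewGuestName' 'guest賬戶重命名策略' { param($v) $v -ne 'Guest' }

Test-Policy $policy 'PasswordComplexity' '密碼復雜性策略' { param($v) $v -eq '1' }

# Minimum length >= 8, compared numerically.
Test-Policy $policy 'MinimumPasswordLength' '密碼最小值策略' {
    param($v) $n = ConvertTo-IntOrNull $v; ($null -ne $n) -and ($n -ge 8)
}

# Maximum age 1..90 days; -1 in the export means "never expires" and must fail
# (as a string comparison "-1" -le "90" was true).
Test-Policy $policy 'MaximumPasswordAge' '密碼最長使用期限策略' {
    param($v) $n = ConvertTo-IntOrNull $v; ($null -ne $n) -and ($n -ge 1) -and ($n -le 90)
}

# Lockout threshold 1..5; 0 disables lockout entirely and must fail.
Test-Policy $policy 'LockoutBadCount' '賬戶鎖定閥值策略' {
    param($v) $n = ConvertTo-IntOrNull $v; ($null -ne $n) -and ($n -ge 1) -and ($n -le 5)
}

# NOTE(review): the label says lockout *duration*, but ResetLockoutCount is
# the "reset lockout counter after" window; secedit exports the duration as
# LockoutDuration. Kept as the original checked it — confirm which is intended.
Test-Policy $policy 'ResetLockoutCount' '賬戶鎖定時間策略' {
    param($v) $n = ConvertTo-IntOrNull $v; ($null -ne $n) -and ($n -ge 10)
}

# The original had a second "shut down only as Administrator" block that was a
# verbatim copy of the ResetLockoutCount check above; the shutdown right is
# covered below by SeShutdownPrivilege, so that duplicate is not repeated.

#endregion

#region user rights (secedit [Privilege Rights]); *S-1-5-32-544 = Administrators

Test-Policy $policy 'SeRemoteShutdownPrivilege' '操作系統遠程關機策略' { param($v) $v -eq '*S-1-5-32-544' }
Test-Policy $policy 'SeShutdownPrivilege' '操作系統本地關機策略' { param($v) $v -eq '*S-1-5-32-544' }

# "Take ownership of files or other objects" is SeTakeOwnershipPrivilege; the
# original read SeProfileSingleProcessPrivilege (profile single process) here.
Test-Policy $policy 'SeTakeOwnershipPrivilege' '取得文件或其他對象的所有權限策略' { param($v) $v -eq '*S-1-5-32-544' }

# Compared as a set so the order in which secedit emits the SIDs is irrelevant.
Test-Policy $policy 'SeNetworkLogonRight' '從網絡訪問此計算機策略' {
    param($v)
    $expected = @('*S-1-5-32-544', '*S-1-5-32-545', '*S-1-5-32-551')
    $actual = @($v -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object)
    (($actual -join ',') -eq (($expected | Sort-Object) -join ','))
}

#endregion

#region audit policy (secedit [Event Audit]); 1 = success, 2 = failure, 3 = both

# "Audit policy change" is AuditPolicyChange; the original read
# AuditSystemEvents here, duplicating the system-events check further down.
Test-Policy $policy 'AuditPolicyChange'    '審核策略更改策略'     { param($v) $v -eq '3' }
Test-Policy $policy 'AuditLogonEvents'     '審核登錄事件策略'     { param($v) $v -eq '3' }
Test-Policy $policy 'AuditObjectAccess'    '審核對象訪問策略'     { param($v) $v -eq '3' }
# NOTE(review): 2 = failure only for the next check and the two account checks
# below; these are the original baseline values — confirm 3 (both) is not meant.
Test-Policy $policy 'AuditProcessTracking' '審核進程跟蹤策略'     { param($v) $v -eq '2' }
Test-Policy $policy 'AuditDSAccess'        '審核目錄服務訪問策略' { param($v) $v -eq '3' }
Test-Policy $policy 'AuditPrivilegeUse'    '審核特權使用策略'     { param($v) $v -eq '3' }
Test-Policy $policy 'AuditSystemEvents'    '審核系統事件策略'     { param($v) $v -eq '3' }
Test-Policy $policy 'AuditAccountLogon'    '審核賬戶登錄事件策略' { param($v) $v -eq '2' }
Test-Policy $policy 'AuditAccountManage'   '審核賬戶管理策略'     { param($v) $v -eq '2' }

#endregion

#region registry values carried in the export ([Registry Values]: `type,data`, e.g. `4,15`)

# Idle minutes before a server session is suspended, <= 30. The data part is
# taken after the last comma; a non-numeric/overflowing value fails.
Test-Policy $policy 'MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\AutoDisconnect' '暫停會話前所需的空閑時間策略' {
    param($v)
    $n = ConvertTo-IntOrNull (($v -split ',')[-1])
    ($null -ne $n) -and ($n -ge 0) -and ($n -le 30)
}

#endregion

#region direct registry checks

# NOTE(review): NtpServer\Enabled is the Windows Time *server* provider;
# synchronising the clock as a client is the NtpClient provider. Kept as the
# original checked it — confirm which one the baseline means.
Test-RegistryPolicy 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer' 'Enabled' '啟用NTP服務同步時鍾策略' { param($v) "$v" -eq '1' }

# Informational: list the per-user Run entries as name=command (the original
# dumped the whole PSCustomObject); no verdict is attached.
$runKey = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$runItems = Get-ItemProperty -Path "Registry::$runKey" -ErrorAction SilentlyContinue
$runList = @()
if ($null -ne $runItems) {
    # Drop only the provider bookkeeping properties, not any Run entry that
    # happens to start with "PS".
    $providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    $runList = @($runItems.PSObject.Properties |
        Where-Object { $_.Name -notin $providerProps } |
        ForEach-Object { '{0}={1}' -f $_.Name, $_.Value })
}
Add-Result -Message ("開機啟動項為:{0}" -f ($runList -join '; '))

# NOTE(review): RestrictAnonymous limits anonymous enumeration; it does not
# remove the administrative shares the label refers to — confirm the intent.
Test-RegistryPolicy 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa' 'restrictanonymous' '關閉默認共享盤策略' { param($v) "$v" -eq '1' }

# 255 (0xFF) disables autorun for every drive type.
Test-RegistryPolicy 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' 'NoDriveTypeAutoRun' '禁止全部驅動器自動播放' { param($v) "$v" -eq '255' }

# Event-log sizes. NOTE(review): MaxSize is stored in bytes; 8192 is the
# threshold the original used — confirm the baseline is not meant in KB.
foreach ($log in @(@{ Name = 'Application'; Label = '應用日志查看器大小設置策略' },
                   @{ Name = 'System';      Label = '系統日志查看器大小設置策略' },
                   @{ Name = 'Security';    Label = '安全日志查看器大小設置策略' })) {
    Test-RegistryPolicy "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\$($log.Name)" 'MaxSize' $log.Label {
        param($v) $n = ConvertTo-IntOrNull $v; ($null -ne $n) -and ($n -ge 8192)
    }
}

# Screen saver values under HKCU are REG_SZ, so they are converted before the
# numeric comparisons (as strings "1000" -le "600" is true).
$desktopKey = 'HKEY_CURRENT_USER\Control Panel\Desktop'
Test-RegistryPolicy $desktopKey 'ScreenSaveActive' '屏幕自動保護程序策略' { param($v) "$v" -eq '1' }
Test-RegistryPolicy $desktopKey 'ScreenSaveTimeOut' '屏幕保護程序啟動時間策略' {
    param($v) $n = ConvertTo-IntOrNull $v; ($null -ne $n) -and ($n -le 600)
}
# Password on resume is ScreenSaverIsSecure; the original re-read
# ScreenSaveTimeOut for this check.
Test-RegistryPolicy $desktopKey 'ScreenSaverIsSecure' '屏幕恢復時使用密碼保護策略' {
    param($v) $n = ConvertTo-IntOrNull $v; ($null -ne $n) -and ($n -ge 1)
}

#endregion

#region results

# Same output contract as the original: one pseudo-JSON line per check on
# stdout, and the bare message appended to jixian.txt (UTF-8 via the
# Out-File default set at the top).
foreach ($i in $data.project) {
    Write-Output "{'msg':[$($i.msg)]}"
    $i.msg | Out-File -FilePath jixian.txt -Append
}

#endregion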

三.執行腳本

 





 