SecureAuditor.ps1
<#
.SYNOPSIS
Prints a Markdown report with basic system information and then runs each
rule module selected by the configuration.
#>
[CmdletBinding()]
param()

# Progress bars can significantly slow cmdlets down on PowerShell versions below 6,
# so they are switched off there.
# https://github.com/PowerShell/PowerShell/issues/2138
$isLegacyPowerShell = $PSVersionTable.PSVersion.Major -lt 6
if ($isLegacyPowerShell) {
    $ProgressPreference = 'SilentlyContinue'
}

# Load the helper module that sits next to this script; -Force re-imports it
# even when a copy is already loaded in the session.
$helperModulePath = [System.IO.Path]::Combine($PSScriptRoot, 'SecureAuditor.psm1')
Import-Module $helperModulePath -Force
# Default (en-US) labels for the report. ConvertFrom-StringData turns the
# "key = value" lines of the here-string into a hashtable stored in $i18n.
$i18n = Data {
# culture="en-US"
ConvertFrom-StringData @'
ClrVersion = .NET CLR Version
Culture = Culture
DateTime = DateTime
Hostname = Hostname
Hours = Hour(s)
OS = OS
Platform = Platform
PowerShellVersion = PowerShell Version
SystemInfo = System Information
TimeZone = TimeZone
UICulture = UI Culture
UpTime = UpTime
'@
}
# For any other UI culture, ask Import-LocalizedData to rebind $i18n from a
# localized data file; the en-US defaults above are skipped only in that case.
if ($PSUICulture -ne 'en-US') {
Import-LocalizedData -BindingVariable i18n
}
# Report header: the version shown comes from the module manifest next to this script.
$manifestPath = [System.IO.Path]::Combine($PSScriptRoot, 'SecureAuditor.psd1')
$manifest = Import-PowerShellDataFile $manifestPath
Write-Output "# Windows Secure Auditor: $($manifest.ModuleVersion)`n"

# Configuration is read in two passes: SecureAuditor.ini first, then
# SecureAuditor.local.ini with the first result passed in through -ini.
# NOTE(review): presumably values from the local file override the shipped ones;
# confirm against Get-IniContent in SecureAuditor.psm1.
# Both files feed Rules.Include / Rules.Exclude further down, so whoever can edit
# them controls which checks the audit performs; keep them writable only by the
# accounts trusted to change the audit's scope.
$defaultIniPath = [System.IO.Path]::Combine($PSScriptRoot, 'SecureAuditor.ini')
$localIniPath = [System.IO.Path]::Combine($PSScriptRoot, 'SecureAuditor.local.ini')
$config = Get-IniContent -file $defaultIniPath
$config = Get-IniContent -file $localIniPath -ini $config
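# System Information
# Writes the "System Information" section of the report as Markdown list items.
# The section records hostname, OS version and (when configured) installed hotfixes,
# so the resulting report should be stored and shared as sensitive inventory data.
#
# NOTE(review): a [bool] cast of any non-empty string is $true in PowerShell, so the
# switch below can only be turned off if Get-IniContent yields an empty or non-string
# value for "Enabled"; confirm against SecureAuditor.psm1.
if ([bool]$config.SystemInfo.Enabled) {
    $now = Get-Date
    Write-Output "## $($i18n.SystemInfo)`n"
    Write-Output "- $($i18n.Hostname): $([environment]::MachineName)"
    Write-Output "- $($i18n.TimeZone): $(Get-TimeZone)"
    Write-Output ("- $($i18n.DateTime): {0:yyyy-MM-dd'T'HH:mm:ss}" -f $now)
    Write-Output "- $($i18n.Culture): $($PSCulture)"
    Write-Output "- $($i18n.UICulture): $($PSUICulture)"

    if ($PSVersionTable.PSEdition -eq 'Desktop' -or $PSVersionTable.Platform -eq 'Win32NT') {
        # https://learn.microsoft.com/windows/win32/cimwin32prov/win32-operatingsystem
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction SilentlyContinue
        if ($null -ne $os) {
            Write-Output "- $($i18n.OS): $($os.Caption) - $($os.Version)"
            Write-Output ("- $($i18n.UpTime): {0:0.##} $($i18n.Hours)" -f ($now - $os.LastBootUpTime).TotalHours)
        }
        else {
            # The CIM query is allowed to fail silently, which leaves $os empty.
            # Subtracting a missing boot time from $now raises an error, so report
            # the OS from the runtime instead and say that uptime is missing.
            Write-Output "- $($i18n.OS): $([Environment]::OSVersion.VersionString)"
            Write-Warning 'Win32_OperatingSystem could not be queried; uptime is omitted from the report.'
        }
    }
    else {
        Write-Output "- $($i18n.OS): $($PSVersionTable.OS)"
        Write-Output ("- $($i18n.UpTime): {0:0.##} $($i18n.Hours)" -f (Get-Uptime).TotalHours)
    }

    Write-Output "- $($i18n.PowerShellVersion): $($PSVersionTable.PSVersion)"
    Write-Output "- $($i18n.ClrVersion): $([Environment]::Version)"

    # Extra properties are optional: they need Get-ComputerInfo and a non-empty,
    # comma-separated "Properties" value in the configuration.
    if (Get-Command 'Get-ComputerInfo' -ErrorAction SilentlyContinue) {
        $props = $config.SystemInfo.Properties -split ',\s*' | Where-Object { -not [string]::IsNullOrWhiteSpace($_) }
        if ($props.Count -gt 0) {
            $info = Get-ComputerInfo -Property $props
            foreach ($prop in $props) {
                # Hotfixes are a list, so they are expanded into a nested list
                # instead of being printed as a single value.
                if ($prop -eq 'OsHotFixes' -and $info.OsHotFixes.Count -gt 0) {
                    Write-Output "- OsHotFixes:"
                    foreach ($hotFix in $info.OsHotFixes) {
                        Write-Output "  - $($hotFix.HotFixID): $($hotFix.InstalledOn) $($hotFix.Description)"
                    }
                    continue
                }
                Write-Output "- $($prop): $($info.$prop)"
            }
        }
    }
}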
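# Test Rules
# Imports every *.psm1 file below the "rules" directory (recursively) and calls its
# Test method with the merged configuration. Importing a module executes its code
# with the privileges of whoever runs this script.
# NOTE(review): nothing here checks the owner or signature of a rule file, so the
# rules directory needs the same write protection as the script itself.
#
# Rules.Exclude and Rules.Include are regular expressions matched against the rule
# file name without extension; Exclude is applied first. They are read once, before
# any rule code runs, so the selection stays the same for the whole run.
$exclude = $config.Rules.Exclude
$include = $config.Rules.Include
$rulesRoot = [System.IO.Path]::Combine($PSScriptRoot, 'rules')

# -File keeps directories whose name happens to end in .psm1 out of the pipeline.
Get-ChildItem -Path $rulesRoot -Recurse -Filter *.psm1 -File | ForEach-Object {
    # Keep the file in its own variable: inside catch, $_ is the error record.
    $ruleFile = $_
    $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($ruleFile.FullName)

    # "return" leaves this script block only, i.e. it skips to the next rule file.
    if (-not [string]::IsNullOrWhiteSpace($exclude) -and $ruleName -match $exclude) {
        return
    }
    if (-not [string]::IsNullOrWhiteSpace($include) -and $ruleName -notmatch $include) {
        return
    }

    try {
        $rule = Import-Module $ruleFile.FullName -AsCustomObject -PassThru -Force
        $rule.Test($config)
    }
    catch {
        # Prefer the inner exception when there is one, then stop the whole run:
        # -ErrorAction Stop turns the report into a terminating error.
        $exception = $_.Exception
        if ($null -ne $exception.InnerException) {
            $exception = $exception.InnerException
        }
        Write-Error -Message "> $($exception.Message)`n$($exception.ErrorRecord.InvocationInfo.PositionMessage)" -ErrorAction Stop
    }
}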