
windows等保安全检查脚本

适用于 Windows Server 2008、2012。
将下面的脚本保存为 .vbs 文件。
在以管理员权限打开的 CMD 中执行:cscript 脚本名.vbs
注意:防火墙和审核策略两项检查匹配的是 netsh、auditpol 的中文输出,因此需要在中文版系统上运行。
=============================================================
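' --- Export the local security policy and evaluate account / privilege settings ---
' The page's instructions call for an elevated CMD; the checks below depend on
' "secedit /export" having produced a fresh file.
strIniFile = "C:\test3\2.inf"
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objFso = CreateObject("Scripting.FileSystemObject")

' Run (bWaitOnReturn = True) blocks until the command has finished, so the folder
' exists before secedit writes into it. A non-zero result ("already exists") is ignored.
WshShell.Run "%COMSPEC% /c md c:\test3", 0, True

' Remove any earlier export first: if the export below fails, an old or pre-placed
' 2.inf must never be parsed as if it were the current policy.
If objFso.FileExists(strIniFile) Then objFso.DeleteFile strIniFile, True

' Wait for secedit to complete instead of sleeping a fixed 200 ms and hoping.
exportRc = WshShell.Run("%COMSPEC% /c secedit /export /cfg c:\test3\2.inf", 0, True)
If exportRc <> 0 Or Not objFso.FileExists(strIniFile) Then
    WScript.Echo "secedit export failed (exit code " & exportRc & "); security policy could not be checked(not comply)"
    WScript.Quit 1
End If

' ReadINI returns Empty when a key is absent; "& """"" normalises that to a string.
strAdmi = Trim(ReadINI(strIniFile, "System Access", "NewAdministratorName") & "")
strGues = Trim(ReadINI(strIniFile, "System Access", "EnableGuestAccount") & "")
strPassCom = Trim(ReadINI(strIniFile, "System Access", "PasswordComplexity") & "")
strMaxPassAge = Trim(ReadINI(strIniFile, "System Access", "MaximumPasswordAge") & "")
strLockOut = Trim(ReadINI(strIniFile, "System Access", "LockoutBadCount") & "")
strRemoteShutDown = Trim(ReadINI(strIniFile, "Privilege Rights", "SeRemoteShutdownPrivilege") & "")
strShutdownPrivilege = Trim(ReadINI(strIniFile, "Privilege Rights", "SeShutdownPrivilege") & "")
strTakeOwnershipPrivilege = Trim(ReadINI(strIniFile, "Privilege Rights", "SeTakeOwnershipPrivilege") & "")
strDontDisplayLastUserName = Trim(ReadINI(strIniFile, "Registry Values", "MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName") & "")
strDisableDomainCreds = Trim(ReadINI(strIniFile, "Registry Values", "MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds") & "")
strDenyNetworkLogonRight = Trim(ReadINI(strIniFile, "Privilege Rights", "SeDenyNetworkLogonRight") & "")

' The export is no longer needed; do not leave the policy dump on disk.
On Error Resume Next
objFso.DeleteFile strIniFile, True
On Error GoTo 0

' Maximum password age: only 1..90 days passes. A missing value, 0 or -1
' (password never expires) must not be counted as "<= 90".
If IsNumeric(strMaxPassAge) Then
    IntMaxPassAge = CLng(strMaxPassAge)
Else
    IntMaxPassAge = -1
End If
If IntMaxPassAge >= 1 And IntMaxPassAge <= 90 Then
    strMaxPassAge = "Maximum Password Age is no more than 90 days(comply)"
Else
    strMaxPassAge = "Maximum Password Age is more than 90 days(not comply)"
End If

' Lockout threshold: 0 means accounts are never locked out, so it fails
' even though 0 <= 6.
If IsNumeric(strLockOut) Then
    IntLockOut = CLng(strLockOut)
Else
    IntLockOut = 0
End If
If IntLockOut >= 1 And IntLockOut <= 6 Then
    strLockOut = "Account lockout threshold no more than 6 invalid logon attempts(comply)"
ElseIf IntLockOut = 0 Then
    strLockOut = "Account lockout threshold is 0 or not set, lockout is disabled(not comply)"
Else
    strLockOut = "Account lockout threshold more than 6 invalid logon attempts(not comply)"
End If

' secedit writes the name in double quotes; strip them before comparing.
strAdmi = Replace(strAdmi, """", "")
If strAdmi = "" Then
    strAdmi = "AdministratorName could not be read(not comply)"
ElseIf LCase(strAdmi) = "administrator" Then
    strAdmi = "AdministratorName has not been changed(not comply)"
Else
    strAdmi = "AdministratorName has been changed(comply)"
End If

' NOTE(review): this only recognises the literal account name "Guest"; a renamed
' account or a SID-only entry in the export would be reported as not included.
If InStr(strDenyNetworkLogonRight, "Guest") > 0 Then
    strDenyNetworkLogonRight = "Guest is included in DenyNetworkLogonRight (comply)"
Else
    strDenyNetworkLogonRight = "Guest is not included in DenyNetworkLogonRight (not comply)"
End If

' Registry-backed options are exported as "<type>,<value>"; only an explicit
' "4,1" passes, so an absent value is no longer reported as enabled.
If Replace(strDontDisplayLastUserName, " ", "") = "4,1" Then
    strDontDisplayLastUserName = "Don't display last user name is enabled(comply)"
Else
    strDontDisplayLastUserName = "Don't display last user name is disabled(not comply)"
End If

If Replace(strDisableDomainCreds, " ", "") = "4,1" Then
    strDisableDomainCreds = "Do not allow storage of passwords and credentials for network authentication is enabled(comply)"
Else
    strDisableDomainCreds = "Do not allow storage of passwords and credentials for network authentication is disabled(not comply)"
End If

If strGues = "0" Then
    strGues = "Guest account status is disabled(comply)"
Else
    strGues = "Guest account status is enabled(not comply)"
End If

' Only an explicit 1 passes; a missing key is treated as disabled.
If strPassCom = "1" Then
    strPassCom = "Password must meet complexity requirements is enabled(comply)"
Else
    strPassCom = "Password must meet complexity requirements is disabled(not comply)"
End If

' NOTE(review): the three privilege checks only count entries (a comma means more
' than one holder). They do not verify that the single holder is Administrators,
' and an empty/missing right also lands in the "Only administrator" branch.
If InStr(strShutdownPrivilege, ",") > 0 Then
    strShutdownPrivilege = "More than one has shut down the system Privilege(not comply) "
Else
    strShutdownPrivilege = "Only administrator has shut down the system Privilege(comply) "
End If

If InStr(strTakeOwnershipPrivilege, ",") > 0 Then
    strTakeOwnershipPrivilege = "More than one has take ownership of files or other objects Privilege(not comply)"
Else
    strTakeOwnershipPrivilege = "Only administrator has take ownership of files or other objects Privilege(comply)"
End If

If InStr(strRemoteShutDown, ",") > 0 Then
    strRemoteShutDown = "More than one has force shutdown from a remote system Privilege(not comply)"
Else
    strRemoteShutDown = "Only administrator has force shutdown from a remote system Privilege(comply)"
End If

WScript.Echo strDisableDomainCreds & vbCrLf & strDenyNetworkLogonRight & vbCrLf & strDontDisplayLastUserName & vbCrLf & strShutdownPrivilege & vbCrLf & strTakeOwnershipPrivilege & vbCrLf & strRemoteShutDown & vbCrLf & strLockOut & vbCrLf & strAdmi & vbCrLf & strGues & vbCrLf & strPassCom & vbCrLf & strMaxPassAge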
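' --- Registry checks: administrative shares, AutoPlay, SNMP community string ---
' Each read is wrapped in On Error Resume Next so that a missing value leaves
' RegValue at "" instead of aborting the script.

' Default administrative shares (C$, ADMIN$ ...). The value name is AutoShareServer;
' the misspelled "AutoShareSever" can never be read, so the check always failed.
RegValue = ""
On Error Resume Next
RegValue = CreateObject("WScript.Shell").RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer")
On Error GoTo 0
If CStr(RegValue) = "" Then
    ' Value absent: Windows creates the default shares.
    RegValue = "AutoShare need is not shutted down(not comply)"
ElseIf CStr(RegValue) = "0" Then
    RegValue = "AutoShare is shutted down(comply)"
Else
    RegValue = "AutoShare is not shutted down(not comply)"
End If
WScript.Echo RegValue

' AutoPlay: 255 (0xFF) disables it for every drive type. Compare the whole value
' rather than searching for the substring "255".
RegValue = ""
On Error Resume Next
RegValue = WshShell.RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun")
On Error GoTo 0
If CStr(RegValue) = "255" Then
    WScript.Echo "AutoPlay Disabled(comply)"
Else
    WScript.Echo "AutoPlay Enabled(not comply)"
End If

' SNMP: the finding is the PRESENCE of the default community string "public".
' The verdicts were inverted before (an accepted "public" community was reported
' as compliant, and a host without it as non-compliant).
RegValue = ""
On Error Resume Next
RegValue = WshShell.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities\public")
On Error GoTo 0
If CStr(RegValue) = "" Then
    RegValue = "community string is not public or snmp not started(comply)"
Else
    RegValue = "community string is public(not comply)"
End If
WScript.Echo RegValue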
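' --- Event log size and retention for the Application, Security and System logs ---
' For each log, MaxSize must be at least 8388608 bytes (8192 KB) and Retention must
' be 0. A value that cannot be read is reported explicitly as not compliant instead
' of being compared with a number while it is still the empty string.
' NOTE(review): Retention = 0 is what the original accepts and labels
' "retention is true"; confirm against the baseline which retention mode is required.
For Each strLogName In Array("Application", "Security", "System")
    strLogKey = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\" & strLogName & "\"

    RegValue = ""
    On Error Resume Next
    RegValue = WshShell.RegRead(strLogKey & "Maxsize")
    On Error GoTo 0
    If Not IsNumeric(RegValue) Then
        RegValue = strLogName & " Log MaxSize could not be read(not comply)"
    ElseIf CDbl(RegValue) < 8388608 Then
        RegValue = strLogName & " Log MaxSize is lower than 8192KB(not comply)"
    Else
        RegValue = strLogName & " Log MaxSize is not lower than 8192KB(comply)"
    End If
    WScript.Echo RegValue

    RegValue = ""
    On Error Resume Next
    RegValue = WshShell.RegRead(strLogKey & "Retention")
    On Error GoTo 0
    If Not IsNumeric(RegValue) Then
        RegValue = strLogName & " Log retention could not be read(not comply)"
    ElseIf CDbl(RegValue) = 0 Then
        RegValue = strLogName & " Log retention is true(comply)"
    Else
        RegValue = strLogName & " Log retention is false(not comply)"
    End If
    WScript.Echo RegValue
Next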
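' --- Windows Firewall: service state, then the state of the current profile ---
' StdOut is read until end-of-stream without first waiting for the process to exit:
' a child that fills the pipe would otherwise never terminate.
' The script contains Chinese literals, so save the .vbs as ANSI (GBK) or UTF-16.
blnSvcStateSeen = False
Set p = CreateObject("WScript.Shell").Exec("%COMSPEC% /c sc query MpsSvc")
Do While Not p.StdOut.AtEndOfStream
    str = p.StdOut.ReadLine()
    If InStr(str, "STATE") > 0 Then
        blnSvcStateSeen = True
        ' Only RUNNING counts as on; stopped, pending and paused states all fail.
        If InStr(str, "RUNNING") = 0 Then
            WScript.Echo "firewall not on(not comply)"
        Else
            blnProfileSeen = False
            Set m = CreateObject("WScript.Shell").Exec("%COMSPEC% /c netsh advfirewall show currentprofile")
            Do While Not m.StdOut.AtEndOfStream
                str1 = m.StdOut.ReadLine()
                ' Chinese output ("状态 ... 启用") as in the original; the English
                ' "State ... ON" form is accepted as well (assumed wording - verify
                ' on the target system).
                If InStr(str1, "状态") > 0 Or InStr(str1, "State") > 0 Then
                    blnProfileSeen = True
                    If InStr(str1, "启用") > 0 Or InStr(str1, "ON") > 0 Then
                        WScript.Echo "firewall currentProfile is on(comply)"
                    Else
                        WScript.Echo "firewall currentProfile is off(not comply)"
                    End If
                End If
            Loop
            ' Never finish silently: no recognised state line means no evidence.
            If Not blnProfileSeen Then
                WScript.Echo "firewall currentProfile state could not be determined(not comply)"
            End If
        End If
    End If
Loop
If Not blnSvcStateSeen Then
    WScript.Echo "firewall service state could not be determined(not comply)"
End If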
 
 
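' --- Audit policy: every listed subcategory must audit Success and Failure ---
' Parses the Chinese-language output of "auditpol /get /category:*". Each entry of
' arrAudit is a pair: subcategory name as printed by auditpol, label used in the report.
' A line matches when, after leading blanks are removed, it starts with the name
' followed by a blank. That keeps "登录" from matching "特殊登录" or the "登录/注销"
' heading, and "敏感权限使用" from matching "非敏感权限使用", without depending on the
' exact padding (the padding inside the published literals was lost to garbling).
' The script contains Chinese literals, so save the .vbs as ANSI (GBK) or UTF-16.
arrAudit = Array( _
    "凭据验证", "Credential Vaildation", _
    "Kerberos 身份验证服务", "Kerberos Authentication Service", _
    "计算机帐户管理", "Computer Account Management", _
    "安全组管理", "Security Group Management", _
    "用户帐户管理", "User Account Management", _
    "目录服务更改", "Directory Service Changes", _
    "登录", "Logon", _
    "网络策略服务器", "Network Policy Server", _
    "文件系统", "File System", _
    "审核策略更改", "Audit Policy Change", _
    "身份验证策略更改", "Authentication Policy Change", _
    "敏感权限使用", "Sensitive Privilege use", _
    "其他系统事件", "Other System Events", _
    "安全状态更改", "Security State Change", _
    "系统完整性", "System Integrity")

intAuditMatched = 0
Set p = CreateObject("WScript.Shell").Exec("%COMSPEC% /c auditpol /get /category:*")
' Drain StdOut while the process runs; waiting for exit first can hang once the
' output no longer fits in the pipe buffer.
Do While Not p.StdOut.AtEndOfStream
    str = p.StdOut.ReadLine()
    strEntry = LTrim(str)
    blnBoth = (InStr(str, "成功和失败") > 0)

    If Left(strEntry, Len("特殊登录") + 1) = "特殊登录" & " " Then
        intAuditMatched = intAuditMatched + 1
        ' NOTE(review): kept as published - Special Logon passes only with Success
        ' alone, and "Success and Failure" is reported as not compliant even though
        ' it audits more. Confirm against the baseline being assessed.
        If blnBoth Then
            WScript.Echo "Special Logon Success and Failure(not comply)"
        ElseIf InStr(str, "成功") > 0 Then
            WScript.Echo "Special Logon Success(comply)"
        Else
            WScript.Echo "Special Logon not Success(not comply)"
        End If
    Else
        For i = 0 To UBound(arrAudit) Step 2
            If Left(strEntry, Len(arrAudit(i)) + 1) = arrAudit(i) & " " Then
                intAuditMatched = intAuditMatched + 1
                If blnBoth Then
                    WScript.Echo arrAudit(i + 1) & " Success and Failure(comply)"
                Else
                    WScript.Echo arrAudit(i + 1) & " not Success and Failure(not comply)"
                End If
                Exit For
            End If
        Next
    End If
Loop

' Nothing recognised (auditpol failed, not elevated, or non-Chinese output):
' say so rather than ending with no audit verdicts at all.
If intAuditMatched = 0 Then
    WScript.Echo "audit policy could not be determined from auditpol output(not comply)"
End If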
 
 
 
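' Reads one value from an INI-style file such as the result of "secedit /export".
'   strIniFilePath - path of the file; it is decoded as UTF-16 ("Unicode")
'   strPrimary     - section name without the square brackets
'   strSubKey      - key whose value is wanted
' Returns the text to the right of the first "=" on the matching line, trimmed.
' When the section or the key is not found nothing is assigned, so the caller
' receives Empty. A missing or unreadable file raises the ADODB.Stream error.
'
' The key must equal strSubKey (ignoring case and surrounding blanks). Matching on
' a substring of the key could return the value of a different, longer-named setting.
' All working variables are declared locally so the function does not share
' names such as j with the script-level code.
Function ReadInI(strIniFilePath, strPrimary, strSubKey)
    Dim objStream, strText, arrText, strLine, blnInSection, intEq

    Set objStream = CreateObject("ADODB.Stream")
    With objStream
        .Type = 2              ' adTypeText
        .Mode = 3              ' adModeReadWrite
        .Open
        .Charset = "Unicode"
        .LoadFromFile strIniFilePath
        strText = .ReadText
        .Close
    End With
    Set objStream = Nothing

    blnInSection = False
    arrText = Split(strText, vbCrLf)
    For Each strLine In arrText
        If Not blnInSection Then
            ' Skip everything until the requested [section] header.
            If StrComp(Trim(strLine), "[" & strPrimary & "]", vbTextCompare) = 0 Then
                blnInSection = True
            End If
        Else
            ' The next header ends the section: the key is not in it.
            If Left(strLine, 1) = "[" Then Exit For
            intEq = InStr(strLine, "=")
            If intEq > 0 Then
                If StrComp(Trim(Left(strLine, intEq - 1)), strSubKey, vbTextCompare) = 0 Then
                    ReadInI = Trim(Mid(strLine, intEq + 1))
                    Exit For
                End If
            End If
        End If
    Next
End Function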
=================================
