Audit windows
Ce script sert à récupérer diverses informations qui peuvent être nécessaires pour un audit.
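@echo off
setlocal
REM
REM Windows configuration collection script
REM Tested on:
REM   Windows 7
REM   Windows Server (2008 R2, 2012)
REM
REM Authors:
REM   Walid Arnoult
REM   Aurélien Marteau
REM
REM Usage: run from a command prompt opened as administrator. Every output
REM lands in a sub-folder of the current directory named
REM Intrinsec_Windows_<COMPUTERNAME>_<timestamp>. Each task prints
REM "[+] Task Successful" or "[!] Task Unsuccessful" (see :REPORT_TASK); a
REM task is unsuccessful as soon as one of its commands returns non-zero,
REM and the script's exit code is 1 when any task failed.
REM The folder holds sensitive material (secedit export, local accounts,
REM firewall export, recent Security events): store and transfer it
REM accordingly.
REM setlocal keeps flag, time_now, ... out of the calling cmd session;
REM EXIT /B performs the implicit endlocal.
echo.
echo Script d'audit de configuration Windows, par Intrinsec
REM Locale-independent timestamp (see :GET_TIMESTAMP); slicing %date% only
REM worked for a dd/mm/yyyy short-date format.
CALL :GET_TIMESTAMP time_now
set any_failed=0
set "logon_server=%LOGONSERVER%"
set "user_name=%USERNAME%"
set "computer_name=%COMPUTERNAME%"
set "outputs_folder=Intrinsec_Windows_%computer_name%_%time_now%"
echo [+] Début de l'audit : %time_now%
echo [+] Machine : %computer_name% - Utilisateur : %user_name% - Serveur d'ouverture de session : %logon_server%
REM secedit, auditpol, the Security channel and the firewall export need an
REM elevated prompt; "net session" fails with access denied otherwise.
net session >NUL 2>&1 || echo [!] Invite non élevée : certaines collectes (secedit, auditpol, journal Security) échoueront
echo [+] Création du dossier [%outputs_folder%]
REM Without the folder every redirection below fails, so stop right away.
mkdir "%outputs_folder%" || ( echo [!] Impossible de créer le dossier [%outputs_folder%] & EXIT /B 1 )
REM Install language -> %language% (en/fr, see the :CASE_* labels), used to
REM name the local Administrators group; unknown locales fall back to en.
FOR /F "tokens=3 delims= " %%G in ('reg query "hklm\system\controlset001\control\nls\language" /v Installlanguage') DO (set "locale_code=%%G")
2>NUL CALL :CASE_%locale_code%
IF ERRORLEVEL 1 CALL :DEFAULT_CASE
IF "%language%"=="fr" ( set "admin_group=Administrateurs" ) ELSE ( set "admin_group=Administrators" )
echo [+] Utilisateur courant && set flag=0
whoami /all > "%outputs_folder%\whoami_all.txt" || set flag=1
CALL :REPORT_TASK
echo [+] Informations système && set flag=0
systeminfo > "%outputs_folder%\systeminfo.txt" || set flag=1
CALL :REPORT_TASK
echo [+] Configuration réseau && set flag=0
ipconfig /all > "%outputs_folder%\ipconfig_all.txt" || set flag=1
CALL :REPORT_TASK
echo [+] Mises à jour && set flag=0
wmic qfe list full /format:csv > "%outputs_folder%\updates_list.csv" || set flag=1
sc qc wuauserv > "%outputs_folder%\updates_WinUpdate.txt" || set flag=1
REM The WindowsUpdate policy keys only exist when a WSUS/AU policy is
REM applied; their absence is a finding, not a collection failure, so the
REM "key not found" message is kept in the file instead of raising flag.
reg query "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" >> "%outputs_folder%\updates_registry_options.txt" 2>&1
reg query "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" >> "%outputs_folder%\updates_registry_options.txt" 2>&1
CALL :REPORT_TASK
echo [+] Processus && set flag=0
tasklist > "%outputs_folder%\processus.txt" || set flag=1
wmic process list full /format:csv > "%outputs_folder%\processus.csv" || set flag=1
wmic startup list full /format:csv > "%outputs_folder%\processus_startup.csv" || set flag=1
CALL :REPORT_TASK
echo [+] Boot && set flag=0
bcdedit /enum {bootmgr} >> "%outputs_folder%\bcdedit.txt" || set flag=1
bcdedit /enum {current} >> "%outputs_folder%\bcdedit.txt" || set flag=1
CALL :REPORT_TASK
echo [+] Domaine && set flag=0
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" > "%outputs_folder%\tcpip.txt" || set flag=1
CALL :REPORT_TASK
echo [+] Politiques d'audit && set flag=0
auditpol /get /category:* > "%outputs_folder%\audit_policies.txt" || set flag=1
secedit /export /cfg "%outputs_folder%\security_policies.inf.txt" || set flag=1
CALL :REPORT_TASK
echo [+] Journalisation && set flag=0
REM get-log = channel configuration (size, retention); qe = the 100 most
REM recent events, newest first, appended to the same file.
wevtutil get-log Application >> "%outputs_folder%\log_Application.txt" || set flag=1
wevtutil get-log Security >> "%outputs_folder%\log_Security.txt" || set flag=1
wevtutil get-log System >> "%outputs_folder%\log_System.txt" || set flag=1
wevtutil qe Application /c:100 /f:text /rd:true >> "%outputs_folder%\log_Application.txt" || set flag=1
wevtutil qe Security /c:100 /f:text /rd:true >> "%outputs_folder%\log_Security.txt" || set flag=1
wevtutil qe System /c:100 /f:text /rd:true >> "%outputs_folder%\log_System.txt" || set flag=1
CALL :REPORT_TASK
echo [+] Tâches planifiées && set flag=0
schtasks /query /fo CSV > "%outputs_folder%\scheduled_tasks.csv" || set flag=1
schtasks /query /xml > "%outputs_folder%\scheduled_tasks_all.xml" || set flag=1
CALL :REPORT_TASK
echo [+] Pare-feu && set flag=0
netsh advfirewall show allprofiles > "%outputs_folder%\firewall_profiles.txt" || set flag=1
netsh advfirewall firewall show rule name=all > "%outputs_folder%\firewall_rules.txt" || set flag=1
netsh advfirewall export "%outputs_folder%\firewall_export.wfw" || set flag=1
CALL :REPORT_TASK
echo [+] Comptes utilisateur et politiques && set flag=0
net users > "%outputs_folder%\user_accounts_local.txt" || set flag=1
net localgroup > "%outputs_folder%\user_group_local.txt" || set flag=1
wmic useraccount where localaccount=true list full /format:csv > "%outputs_folder%\user_accounts_local_full.csv" || set flag=1
wmic group where localaccount=true list full /format:csv > "%outputs_folder%\user_group_local_full.csv" || set flag=1
REM Group name chosen from the install language above; querying both
REM spellings always left one of them failing and the task flagged.
net localgroup "%admin_group%" > "%outputs_folder%\user_admin_local.txt" || set flag=1
net accounts > "%outputs_folder%\user_policy.txt" || set flag=1
CALL :REPORT_TASK
echo [+] Applications && set flag=0
REM NB: "wmic product" makes Windows Installer re-validate (and possibly
REM repair) every MSI package: slow, and it writes reconfiguration events to
REM the Application log. The Uninstall registry keys are the side-effect-free
REM source and are captured as well.
wmic product list full /format:csv > "%outputs_folder%\applications.csv" || set flag=1
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s > "%outputs_folder%\applications_registry.txt" || set flag=1
REM Wow6432Node only exists on 64-bit Windows: not flagged when absent.
reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" /s >> "%outputs_folder%\applications_registry.txt" 2>NUL
CALL :REPORT_TASK
echo [+] Services && set flag=0
wmic service list full /format:csv > "%outputs_folder%\services.csv" || set flag=1
CALL :REPORT_TASK
echo [+] Partages réseau && set flag=0
net share > "%outputs_folder%\net_share.txt" || set flag=1
CALL :REPORT_TASK
REM End time is taken now; the start time was printed at the top.
CALL :GET_TIMESTAMP time_end
echo [+] Configuration obtenue : %time_end% && echo.
REM Manual follow-up checklist, written next to the collected files. The
REM first line truncates so a re-run does not accumulate duplicates.
set "todo_file=%outputs_folder%\_todo.txt"
echo [!] Manual Tasks > "%todo_file%"
echo [+] Updates >> "%todo_file%"
echo wuapp (screenshot) >> "%todo_file%"
echo [+] Automatic updates >> "%todo_file%"
echo wuauclt /ShowOptions (screenshot) >> "%todo_file%"
echo [+] Firewall >> "%todo_file%"
echo firewall.cpl (screenshot) >> "%todo_file%"
echo [+] User accounts >> "%todo_file%"
echo Faire un "net user" de chaque utilisateur local (screenshot) >> "%todo_file%"
echo [+] System properties >> "%todo_file%"
echo control system (screenshot) >> "%todo_file%"
echo [+] RecycleBin >> "%todo_file%"
echo Contenu de la Corbeille (screenshot) >> "%todo_file%"
echo [+] Antivirus >> "%todo_file%"
echo Antivirus : présence, protégé par un mot de passe, logiciel maintenu et à jour, base virale à jour, scans programmés, moteur heuristique ? (screenshots) >> "%todo_file%"
echo [+] Volumes and free space >> "%todo_file%"
echo Poste de travail (screenshot) >> "%todo_file%"
type "%todo_file%"
EXIT /B %any_failed%

:REPORT_TASK
REM Prints the outcome of the task just run from %flag% (0 = every command
REM succeeded) and records any failure in %any_failed% for the exit code.
IF "%flag%"=="0" ( echo [+] Task Successful ) ELSE ( echo [!] Task Unsuccessful & set any_failed=1 )
echo.
GOTO :EOF

:GET_TIMESTAMP
REM Sets the variable named in %1 to YYYY-MM-DD_HHMMSS.
REM WMI LocalDateTime (yyyymmddHHMMSS.ffffff+zzz) does not depend on the
REM regional date format; the first data line after the header is kept.
REM If wmic is unavailable, fall back to slicing %date%/%time%, which
REM assumes dd/mm/yyyy and pads a single-digit hour with 0 (as before).
set "_ldt="
FOR /F "skip=1 tokens=1" %%G in ('wmic os get localdatetime 2^>NUL') DO IF NOT DEFINED _ldt set "_ldt=%%G"
IF NOT DEFINED _ldt GOTO :TS_FALLBACK
set "%~1=%_ldt:~0,4%-%_ldt:~4,2%-%_ldt:~6,2%_%_ldt:~8,6%"
set "_ldt="
GOTO :EOF
:TS_FALLBACK
set "_ts=%date:~6,4%-%date:~3,2%-%date:~0,2%_%time:~0,2%%time:~3,2%%time:~6,2%"
set "%~1=%_ts: =0%"
set "_ts="
GOTO :EOF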
REM -------------------------------------------------
REM --- Switch case ---
REM Maps the InstallLanguage value read into %locale_code% (a hex LANGID)
REM to %language%. Entered via "2>NUL CALL :CASE_%locale_code%": when no
REM label matches, CALL fails with ERRORLEVEL 1 and the caller then runs
REM :DEFAULT_CASE. Only en/fr are known; add a :CASE_<LANGID> label per
REM additional install language.
:CASE_0409
REM 0409 = English (United States)
set language=en
GOTO END_CASE
:CASE_040C
REM 040C = French (France)
set language=fr
GOTO END_CASE
:DEFAULT_CASE
REM Unknown LANGID: report it on the console and fall back to English.
ECHO Unknown language "%locale_code%"
set language=en
GOTO END_CASE
:END_CASE
REM VER > NUL is presumably here to leave ERRORLEVEL at 0 before returning,
REM so the caller's "IF ERRORLEVEL 1" does not fire after a matched case;
REM GOTO :EOF returns from the CALL.
VER > NUL
GOTO :EOF
REM -------------------------------------------------