Audit windows


Ce script sert à récupérer diverses informations qui peuvent être nécessaires pour un audit de configuration Windows. Il doit être lancé depuis une invite de commandes élevée (administrateur) : plusieurs commandes utilisées (auditpol, secedit, bcdedit, export du journal Security) échouent sinon. Les fichiers produits contiennent des données sensibles (comptes locaux, export de la politique de sécurité, règles de pare-feu, derniers événements du journal Security) : ils doivent être protégés, transmis par un canal sûr et supprimés une fois l'audit terminé.

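@echo off

REM
REM Configuration collection script
REM Windows operating systems
REM Tested on:
REM     Windows 7
REM     Windows Server (2008 R2, 2012)
REM
REM Authors:
REM Walid Arnoult
REM Aurélien Marteau
REM
REM Review notes:
REM  - Run it from an elevated (administrator) prompt: auditpol, secedit,
REM    bcdedit and the Security event log export below need it; otherwise
REM    those tasks are reported "Task Unsuccessful" with empty output files.
REM  - Everything is written to a new folder under the current directory.
REM    Its content is sensitive (local accounts, security policy export,
REM    firewall export, last Security events): run the script from controlled
REM    media, hand the folder over through a protected channel and delete it
REM    once the audit report is written.
REM  - The original first line read "@@echo off" (two at-signs); normalised.

echo.
echo Script d'audit de configuration Windows, par Intrinsec

REM Timestamp for the output folder name, formatted YYYY-MM-DD_hhmmss.
REM WMI's LocalDateTime is yyyymmddHHMMSS.ffffff+zzz whatever the regional
REM settings, unlike %date% whose layout depends on the short-date format
REM (the original parsing only works for dd/mm/yyyy, i.e. French settings).
REM Only the first 14 characters are used, which also drops the trailing CR
REM that wmic leaves on its output lines.
REM Fallback when WMI gives nothing: the original %date%/%time% parsing.
set ldt=
for /f "tokens=2 delims==" %%G in ('wmic os get localdatetime /value 2^>NUL') do set ldt=%%G
if defined ldt (
  set time_now=%ldt:~0,4%-%ldt:~4,2%-%ldt:~6,2%_%ldt:~8,6%
) else (
  set time_now=%date:~6,4%-%date:~3,2%-%date:~0,2%_%time:~0,2%%time:~3,2%%time:~6,2%
)
REM Hours below 10 are space-padded in %time%; zero-pad them.
set time_now=%time_now: =0%
set logon_server=%LOGONSERVER%
set user_name=%USERNAME%
set computer_name=%COMPUTERNAME%
set outputs_folder=Intrinsec_Windows_%COMPUTERNAME%_%time_now%

echo [+] Début de l'audit : %time_now%
echo [+] Création du dossier [%outputs_folder%]
REM Stop here if the folder cannot be created: every redirection below would
REM fail and the per-task "Task Unsuccessful" lines would be misleading.
mkdir "%outputs_folder%" || (
  echo [!] Impossible de créer le dossier [%outputs_folder%], arrêt.
  exit /b 1
)

REM Elevation check. "net session" fails with "Access is denied" when the
REM token is not elevated. Only a warning: a partial non-admin run stays possible.
net session >NUL 2>&1 || (
  echo [!] Invite non élevée : auditpol, secedit, bcdedit et l'export du journal Security échoueront.
  echo.
)

REM Installed-language switch: the CASE_* labels at the end of the script set
REM %language% (en/fr). CurrentControlSet is the link to the control set in
REM use; ControlSet001 is not guaranteed to be the active one.
set locale_code=
for /f "tokens=3 delims= " %%G in ('reg query "hklm\system\CurrentControlSet\control\nls\language" /v InstallLanguage 2^>NUL') do set locale_code=%%G
2>NUL call :CASE_%locale_code%
if errorlevel 1 call :DEFAULT_CASE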

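echo [+] Utilisateur courant && set flag=0
REM whoami /all: user, groups and privileges of the collecting token; it also
REM documents the rights under which the rest of this run was performed.
whoami /all > %outputs_folder%\whoami_all.txt || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Informations système && set flag=0
systeminfo > %outputs_folder%\systeminfo.txt || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Configuration réseau && set flag=0
ipconfig /all > %outputs_folder%\ipconfig_all.txt || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Mises à jour && set flag=0
REM Installed hotfixes (wmic qfe) and the Windows Update service definition.
wmic qfe list full /format:csv > %outputs_folder%\updates_list.csv || set flag=1
sc qc wuauserv > %outputs_folder%\updates_WinUpdate.txt || set flag=1
REM Windows Update / WSUS policy keys. They only exist when such a policy is
REM applied, so "key not found" is a legitimate finding: stderr is captured
REM into the file (2>&1) so the absence is recorded instead of leaving an
REM empty file. The task is still flagged so the auditor looks at it.
reg query "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" >> %outputs_folder%\updates_registry_options.txt 2>&1 || set flag=1
reg query "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU" >> %outputs_folder%\updates_registry_options.txt 2>&1 || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )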

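echo [+] Processus && set flag=0
REM tasklist is part of this task, so its failure is flagged like the two
REM wmic queries (the original line had no "|| set flag=1").
tasklist > %outputs_folder%\processus.txt || set flag=1
wmic process list full /format:csv > %outputs_folder%\processus.csv || set flag=1
wmic startup list full /format:csv > %outputs_folder%\processus_startup.csv || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Boot && set flag=0
REM bcdedit needs an elevated prompt; both entries are appended to one file.
bcdedit /enum {bootmgr} >> %outputs_folder%\bcdedit.txt || set flag=1
bcdedit /enum {current} >> %outputs_folder%\bcdedit.txt || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Domaine && set flag=0
REM Only the TCP/IP parameters key (host name, DNS domain / suffix values) is
REM exported here; domain or workgroup membership itself is in systeminfo.txt.
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters" > %outputs_folder%\tcpip.txt || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )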

echo [+] Politiques d'audit && set flag=0
REM Effective audit policy per category, then the local security policy
REM exported by secedit as an .inf template (needs an elevated prompt).
auditpol /get /category:* > "%outputs_folder%\audit_policies.txt" || set flag=1
secedit /export /cfg "%outputs_folder%\security_policies.inf.txt" || set flag=1
if "%flag%"=="0" ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Journalisation && set flag=0
REM For each of the three classic logs: the log configuration (get-log), then
REM the 100 most recent events as text (/rd:true = newest first), appended to
REM the same file. The Security log needs administrator rights and its events
REM are sensitive (logons, privilege use): protect the output accordingly.
wevtutil get-log Application >> "%outputs_folder%\log_Application.txt" || set flag=1
wevtutil get-log Security >> "%outputs_folder%\log_Security.txt" || set flag=1
wevtutil get-log System >> "%outputs_folder%\log_System.txt" || set flag=1
wevtutil qe Application /c:100 /f:text /rd:true >> "%outputs_folder%\log_Application.txt" || set flag=1
wevtutil qe Security /c:100 /f:text /rd:true >> "%outputs_folder%\log_Security.txt" || set flag=1
wevtutil qe System /c:100 /f:text /rd:true >> "%outputs_folder%\log_System.txt" || set flag=1
if "%flag%"=="0" ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Tâches planifiées && set flag=0
REM Summary as CSV, plus the full task definitions (command, run-as account,
REM triggers) as XML for the detailed review.
schtasks /query /fo CSV > "%outputs_folder%\scheduled_tasks.csv" || set flag=1
schtasks /query /xml > "%outputs_folder%\scheduled_tasks_all.xml" || set flag=1
if "%flag%"=="0" ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Pare-feu && set flag=0
REM Profile state (on/off, default actions), every rule, and a .wfw export
REM that can be reloaded on an analysis machine with "netsh advfirewall import".
netsh advfirewall show allprofiles > "%outputs_folder%\firewall_profiles.txt" || set flag=1
netsh advfirewall firewall show rule name=all > "%outputs_folder%\firewall_rules.txt" || set flag=1
netsh advfirewall export "%outputs_folder%\firewall_export.wfw" || set flag=1
if "%flag%"=="0" ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

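echo [+] Comptes utilisateur et politiques && set flag=0
net users > %outputs_folder%\user_accounts_local.txt || set flag=1
net localgroup > %outputs_folder%\user_group_local.txt || set flag=1
wmic useraccount where localaccount=true list full /format:csv > %outputs_folder%\user_accounts_local_full.csv || set flag=1
wmic group where localaccount=true list full /format:csv > %outputs_folder%\user_group_local_full.csv || set flag=1
REM The local administrators group has a localized name ("Administrators" on
REM an English system, "Administrateurs" on a French one). The original ran
REM both names, so one query always failed and this task was always reported
REM "Unsuccessful". Resolve the name from its well-known SID S-1-5-32-544
REM instead; the inner for strips the trailing CR wmic leaves on each line.
set admin_group=
for /f "usebackq tokens=2 delims==" %%G in (`wmic group where "LocalAccount=TRUE and SID='S-1-5-32-544'" get Name /value 2^>NUL`) do (
  for /f "delims=" %%H in ("%%G") do set admin_group=%%H
)
if defined admin_group (
  net localgroup "%admin_group%" >> %outputs_folder%\user_admin_local.txt || set flag=1
) else (
  net localgroup Administrators >> %outputs_folder%\user_admin_local.txt 2>NUL || net localgroup Administrateurs >> %outputs_folder%\user_admin_local.txt || set flag=1
)
net accounts > %outputs_folder%\user_policy.txt || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Applications && set flag=0
REM "wmic product" (Win32_Product) is not a read-only query: enumerating it
REM makes Windows Installer run a consistency check on every MSI package and
REM can trigger repairs and Application-log events on the audited host. The
REM Uninstall registry keys give the installed-program list without that side
REM effect, so they replace applications.csv. The 32-bit view only exists on
REM 64-bit Windows and the per-user key may be empty, hence not flagged;
REM their stderr is captured so the absence is recorded.
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s > %outputs_folder%\applications_registry.txt || set flag=1
reg query "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" /s > %outputs_folder%\applications_registry_wow6432.txt 2>&1
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s > %outputs_folder%\applications_registry_user.txt 2>&1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Services && set flag=0
wmic service list full /format:csv > %outputs_folder%\services.csv || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

echo [+] Partages réseau && set flag=0
net share > %outputs_folder%\net_share.txt || set flag=1
if %flag% == 0 ( echo [+] Task Successful && echo. ) else ( echo [!] Task Unsuccessful && echo. )

REM %time_now% is the start timestamp (folder name); %time% gives the end time.
echo [+] Configuration obtenue : début %time_now%, fin %time% && echo.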

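REM Manual checklist for the auditor (screenshots to take on the host).
REM Written inside the output folder: the original wrote _todo.txt in the
REM current directory and always appended, so successive runs from the same
REM directory piled up duplicate entries. The first line uses ">" so the
REM file is created fresh.
set todo_file=%outputs_folder%\_todo.txt
echo [!] Manual Tasks > %todo_file%
echo [+] Updates >> %todo_file%
echo     wuapp (screenshot) >> %todo_file%
echo [+] Automatic updates >> %todo_file%
echo     wuauclt /ShowOptions (screenshot) >> %todo_file%
echo [+] Firewall >> %todo_file%
echo     firewall.cpl (screenshot) >> %todo_file%
echo [+] User accounts >> %todo_file%
echo     Faire un "net user" de chaque utilisateur local (screenshot) >> %todo_file%
echo [+] System properties >> %todo_file%
echo     control system (screenshot) >> %todo_file%
echo [+] RecycleBin >> %todo_file%
echo     Contenu de la Corbeille (screenshot) >> %todo_file%
echo [+] Antivirus >> %todo_file%
echo     Antivirus : présence, protégé par un mot de passe, logiciel maintenu et à jour, base virale à jour, scans programmés, moteur heuristique ? (screenshots) >> %todo_file%
echo [+] Volumes and free space >> %todo_file%
echo     Poste de travail (screenshot) >> %todo_file%

type %todo_file%

REM End of the main script; the CASE_* subroutines below are only reached via CALL.
EXIT /B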
REM  -------------------------------------------------

REM --- Switch case ---
:CASE_0409
  REM 0x0409 = English (United States)
  set language=en
  goto :END_CASE
:CASE_040C
  REM 0x040C = French (France)
  set language=fr
  goto :END_CASE
:DEFAULT_CASE
  REM Reached through "if errorlevel 1" when no CASE_ label matched the
  REM InstallLanguage value; English is assumed.
  echo Unknown language "%locale_code%"
  set language=en
  goto :END_CASE
:END_CASE
  REM "ver" always succeeds: resets ERRORLEVEL to 0 before returning to the caller.
  ver >nul
  goto :EOF
REM  -------------------------------------------------