windows等保安全检查脚本

本文提供了一个用于检查Windows系统安全配置的VBS脚本。该脚本覆盖了多个安全方面,包括账号管理、注册表设置、日志记录、防火墙状态及审核策略等,并能够输出合规性评估。


适用于 Windows Server 2008 / 2012(脚本按中文版系统的 netsh、auditpol 输出做字符串匹配,其他语言的系统需要修改匹配用的关键字)。

保存为VBS格式。

在以管理员权限打开的 CMD 中执行:cscript 脚本名.vbs

=============================================================

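' Export the local security policy with secedit, then read the settings that
' the checks below evaluate. secedit /export needs an elevated prompt.
' The export lists account policy and privilege assignments, so remove
' C:\test3 once the report has been collected.
strIniFile = "C:\test3\2.inf"
Set WshShell = WScript.CreateObject("WScript.Shell")
Set objFso = CreateObject("Scripting.FileSystemObject")

If Not objFso.FolderExists("C:\test3") Then
    objFso.CreateFolder "C:\test3"
End If

' Drop any export left by an earlier run so that a failed export cannot be
' evaluated as if it were the current policy.
If objFso.FileExists(strIniFile) Then
    objFso.DeleteFile strIniFile, True
End If

' Run(..., 0, True) blocks until secedit exits. The previous Exec + Sleep 200
' could start parsing before secedit had finished writing the file.
intExportRc = WshShell.Run("%COMSPEC% /c secedit /export /cfg " & strIniFile, 0, True)
If Not objFso.FileExists(strIniFile) Then
    WScript.Echo "secedit export failed (exit code " & intExportRc & "), run this script from an elevated prompt"
    WScript.Quit 1
End If

' [System Access]: account policy values.
strAdmi = ReadINI(strIniFile, "System Access", "NewAdministratorName")
strGues = ReadINI(strIniFile, "System Access", "EnableGuestAccount")
strPassCom = ReadINI(strIniFile, "System Access", "PasswordComplexity")
strMaxPassAge = ReadINI(strIniFile, "System Access", "MaximumPasswordAge")
strLockOut = ReadINI(strIniFile, "System Access", "LockoutBadCount")

' [Privilege Rights]: comma-separated holders of each user right.
strRemoteShutDown = ReadINI(strIniFile, "Privilege Rights", "SeRemoteShutdownPrivilege")
strShutdownPrivilege = ReadINI(strIniFile, "Privilege Rights", "SeShutdownPrivilege")
strTakeOwnershipPrivilege = ReadINI(strIniFile, "Privilege Rights", "SeTakeOwnershipPrivilege")
strDenyNetworkLogonRight = ReadINI(strIniFile, "Privilege Rights", "SeDenyNetworkLogonRight")

' [Registry Values]: security options, keyed by registry path.
strDontDisplayLastUserName = ReadINI(strIniFile, "Registry Values", "MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName")
strDisableDomainCreds = ReadINI(strIniFile, "Registry Values", "MACHINE\System\CurrentControlSet\Control\Lsa\DisableDomainCreds")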

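' Maximum password age: comply only for 1..90 days.
' secedit writes -1 when passwords never expire, and a missing value would
' convert to 0; a bare "<= 90" test reports both of those as compliant.
If IsNumeric(strMaxPassAge) And Not IsEmpty(strMaxPassAge) Then
    IntMaxPassAge = CLng(strMaxPassAge)
    If IntMaxPassAge >= 1 And IntMaxPassAge <= 90 Then
        strMaxPassAge = "Maximum Password Age is no more than 90 days(comply)"
    ElseIf IntMaxPassAge > 90 Then
        strMaxPassAge = "Maximum Password Age is  more than 90 days(not comply)"
    Else
        strMaxPassAge = "Maximum Password Age is not set, passwords never expire(not comply)"
    End If
Else
    strMaxPassAge = "Maximum Password Age could not be read from the export(not comply)"
End If

' Account lockout threshold: comply only for 1..6 attempts.
' 0 means accounts are never locked out, so it must not pass a "<= 6" test.
If IsNumeric(strLockOut) And Not IsEmpty(strLockOut) Then
    IntLockOut = CLng(strLockOut)
    If IntLockOut >= 1 And IntLockOut <= 6 Then
        strLockOut = "Account lockout threshold no more than 6 invalid logon attempts(comply)"
    ElseIf IntLockOut > 6 Then
        strLockOut = "Account lockout threshold  more than 6 invalid logon attempts(not comply)"
    Else
        strLockOut = "Account lockout threshold is 0, accounts are never locked out(not comply)"
    End If
Else
    strLockOut = "Account lockout threshold could not be read from the export(not comply)"
End If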

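' Built-in administrator account name. The export keeps the surrounding
' double quotes, hence the quoted literal. A value that could not be read is
' reported separately instead of being counted as "changed".
If Trim(strAdmi & "") = "" Then
    strAdmi = "AdministratorName could not be read from the export(not comply)"
ElseIf StrComp(strAdmi, """Administrator""", vbTextCompare) = 0 Then
    strAdmi = "AdministratorName has not been changed(not comply)"
Else
    strAdmi = "AdministratorName has been changed(comply)"
End If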

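' Returns the data part of a secedit setting. "Registry Values" entries are
' written as "type,data" (for example 4,1) and "System Access" entries as the
' bare value. A missing setting comes back as an empty string.
Function SettingData(varRaw)
    Dim strRaw, intComma
    strRaw = Trim(varRaw & "")
    intComma = InStr(strRaw, ",")
    If intComma > 0 Then strRaw = Trim(Mid(strRaw, intComma + 1))
    SettingData = strRaw
End Function

' Guest must be denied network logon.
' NOTE(review): this matches the literal account name, so a renamed Guest
' account presumably will not match; confirm against the export.
If InStr(1, strDenyNetworkLogonRight & "", "Guest", vbTextCompare) > 0 Then
    strDenyNetworkLogonRight = "Guest is included in DenyNetworkLogonRight (comply)"
Else
    strDenyNetworkLogonRight = "Guest is not included in DenyNetworkLogonRight (not comply)"
End If

' For the switches below a setting that is absent from the export is
' reported as not comply. A plain "contains 0" test treated absent as enabled.
Select Case SettingData(strDontDisplayLastUserName)
    Case "1"
        strDontDisplayLastUserName = "Don't display last user name is enabled(comply)"
    Case "0"
        strDontDisplayLastUserName = "Don't display last user name is disabled(not comply)"
    Case Else
        strDontDisplayLastUserName = "Don't display last user name was not found in the export(not comply)"
End Select

Select Case SettingData(strDisableDomainCreds)
    Case "1"
        strDisableDomainCreds = "Do not allow storage of passwords and credentials for network authentication is enabled(comply)"
    Case "0"
        strDisableDomainCreds = "Do not allow storage of passwords and credentials for network authentication is disabled(not comply)"
    Case Else
        strDisableDomainCreds = "Do not allow storage of passwords and credentials for network authentication was not found in the export(not comply)"
End Select

' EnableGuestAccount = 0 means the Guest account is disabled.
If SettingData(strGues) = "0" Then
    strGues = "Guest account status is disabled(comply)"
Else
    strGues = "Guest account status is enabled(not comply)"
End If

Select Case SettingData(strPassCom)
    Case "1"
        strPassCom = "Password must meet complexity requirements is enabled(comply)"
    Case "0"
        strPassCom = "Password must meet complexity requirements is disabled(not comply)"
    Case Else
        strPassCom = "Password must meet complexity requirements was not found in the export(not comply)"
End Select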

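' Builds the verdict line for one user right from its holder list.
' A comma means several holders. A single holder is accepted only when it is
' the BUILTIN\Administrators SID (*S-1-5-32-544), which is how secedit
' normally writes that group. An empty or different single entry is flagged
' for manual review instead of being reported as "Only administrator".
Function PrivilegeVerdict(varHolders, strRight)
    Dim strHolders
    strHolders = Trim(varHolders & "")
    If InStr(strHolders, ",") > 0 Then
        PrivilegeVerdict = "More than one has " & strRight & " Privilege(not comply)"
    ElseIf StrComp(strHolders, "*S-1-5-32-544", vbTextCompare) = 0 Then
        PrivilegeVerdict = "Only administrator has " & strRight & " Privilege(comply)"
    Else
        PrivilegeVerdict = "Holder of " & strRight & " Privilege is not the Administrators group or could not be read(not comply)"
    End If
End Function

' The shutdown messages carry a trailing space, kept as in the original report.
strShutdownPrivilege = PrivilegeVerdict(strShutdownPrivilege, "shut down the system") & " "
strTakeOwnershipPrivilege = PrivilegeVerdict(strTakeOwnershipPrivilege, "take ownership of files or other objects")
strRemoteShutDown = PrivilegeVerdict(strRemoteShutDown, "force shutdown from a remote system")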

' Print the account-policy and user-right verdicts, one per line, in the
' fixed report order.
arrReport = Array( _
    strDisableDomainCreds, _
    strDenyNetworkLogonRight, _
    strDontDisplayLastUserName, _
    strShutdownPrivilege, _
    strTakeOwnershipPrivilege, _
    strRemoteShutDown, _
    strLockOut, _
    strAdmi, _
    strGues, _
    strPassCom, _
    strMaxPassAge)
WScript.Echo Join(arrReport, vbCrLf)

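' Administrative shares (C$, ADMIN$): AutoShareServer = 0 turns them off.
' The value name was misspelled "AutoShareSever", so the read always failed
' and every host was reported as not comply.
RegValue = Empty
On Error Resume Next
RegValue = CreateObject("WScript.Shell").RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer")
On Error GoTo 0

If IsEmpty(RegValue) Or Not IsNumeric(RegValue) Then
    ' Value absent or unreadable: the shares are not explicitly disabled.
    RegValue = "AutoShare need is not shutted down(not comply)"
ElseIf CLng(RegValue) = 0 Then
    ' Compare the number itself; a substring test for "0" also matches 10, 20, ...
    RegValue = "AutoShare is shutted down(comply)"
Else
    RegValue = "AutoShare is not shutted down(not comply)"
End If

WScript.Echo RegValue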

' AutoPlay: NoDriveTypeAutoRun = 255 (0xFF) switches AutoRun off for every
' drive type. A failed read leaves RegValue empty and counts as enabled.
RegValue = ""
On Error Resume Next
RegValue = WshShell.RegRead("HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun")
On Error GoTo 0

If InStr(RegValue, "255") = 0 Then
    strAutoPlay = "AutoPlay Enabled(not comply)"
Else
    strAutoPlay = "AutoPlay Disabled(comply)"
End If
WScript.Echo strAutoPlay

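' SNMP: a community named "public" is the well-known default and must not be
' accepted. The two verdicts were swapped: a host that accepted "public" was
' reported as comply and a host without it as not comply.
RegValue = Empty
On Error Resume Next
RegValue = WshShell.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities\public")
On Error GoTo 0

If IsEmpty(RegValue) Then
    ' The read fails when the value does not exist, i.e. no "public"
    ' community is configured or the SNMP service is not installed.
    RegValue = "community string is not public  or snmp  not started(comply)"
Else
    RegValue = "community string is public(not comply)"
End If
WScript.Echo RegValue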

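' Reads one registry value and returns Empty when it is absent or unreadable.
Function ReadRegOrEmpty(strValuePath)
    Dim varData
    varData = Empty
    On Error Resume Next
    varData = CreateObject("WScript.Shell").RegRead(strValuePath)
    On Error GoTo 0
    ReadRegOrEmpty = varData
End Function

' Reports the maximum size and the retention setting of one event log.
'   strLogKey - key name under Services\EventLog
'   strLabel  - log name used in the report lines
' A value that cannot be read is reported as not comply. Previously an empty
' string was compared with a number, which does not give a meaningful verdict.
Sub CheckEventLog(strLogKey, strLabel)
    Dim strBase, varSize, varRetention
    strBase = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\" & strLogKey & "\"

    ' MaxSize is stored in bytes; 8388608 bytes = 8192 KB.
    varSize = ReadRegOrEmpty(strBase & "Maxsize")
    If IsEmpty(varSize) Or Not IsNumeric(varSize) Then
        WScript.Echo strLabel & " Log MaxSize could not be read(not comply)"
    ElseIf CLng(varSize) < 8388608 Then
        WScript.Echo strLabel & " Log MaxSize is lower than 8192KB(not comply)"
    Else
        WScript.Echo strLabel & " Log MaxSize is not lower than 8192KB(comply)"
    End If

    ' Retention = 0 is the value this baseline accepts.
    varRetention = ReadRegOrEmpty(strBase & "Retention")
    If IsEmpty(varRetention) Or Not IsNumeric(varRetention) Then
        WScript.Echo strLabel & " Log retention could not be read(not comply)"
    ElseIf CLng(varRetention) = 0 Then
        WScript.Echo strLabel & " Log retention is true(comply)"
    Else
        WScript.Echo strLabel & " Log retention is false(not comply)"
    End If
End Sub

CheckEventLog "application", "Application"
CheckEventLog "Security", "Security"
CheckEventLog "System", "System"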
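' Windows Firewall: the MpsSvc service must not be stopped and the current
' profile must be enabled.
' Output is read until end of stream instead of polling Status first: a child
' process that fills the output pipe while the script waits for it to exit
' would hang both sides.
Set objSc = CreateObject("WScript.Shell").Exec("%COMSPEC% /c sc query MpsSvc")
blnStateSeen = False

Do Until objSc.StdOut.AtEndOfStream
    strScLine = objSc.StdOut.ReadLine()
    If InStr(strScLine, "STATE") > 0 Then
        blnStateSeen = True
        If InStr(strScLine, "1") > 0 Then
            ' State code 1 is STOPPED.
            WScript.Echo "firewall not on(not comply)"
        Else
            Set objNetsh = CreateObject("WScript.Shell").Exec("%COMSPEC% /c netsh advfirewall show currentprofile")
            blnProfileSeen = False
            Do Until objNetsh.StdOut.AtEndOfStream
                strNetshLine = objNetsh.StdOut.ReadLine()
                ' The keywords are the Chinese-language netsh labels for
                ' "State" and "ON"; other display languages will not match.
                If InStr(strNetshLine, "状态") > 0 Then
                    blnProfileSeen = True
                    If InStr(strNetshLine, "启用") > 0 Then
                        WScript.Echo "firewall currentProfile is on(comply)"
                    Else
                        WScript.Echo "firewall currentProfile is off(not comply)"
                    End If
                End If
            Loop
            ' Without this a non-matching netsh output printed nothing at
            ' all, which reads as "no finding" in the report.
            If Not blnProfileSeen Then
                WScript.Echo "firewall currentProfile state could not be determined from netsh output(not comply)"
            End If
        End If
    End If
Loop

If Not blnStateSeen Then
    WScript.Echo "firewall service state could not be determined from sc query MpsSvc(not comply)"
End If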

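' Advanced audit policy: each listed subcategory must audit Success and
' Failure (Special Logon: Success only).
' The subcategory names and setting names are the Chinese-language auditpol
' output. Leading and trailing spaces in some keys are part of the match and
' keep one subcategory from matching a longer name that contains it.
arrAuditKeys = Array( _
    "凭据验证", _
    "Kerberos 身份验证服务", _
    "计算机帐户管理", _
    "安全组管理", _
    "用户帐户管理", _
    "目录服务更改", _
    "  登录", _
    "网络策略服务器", _
    "  特殊登录", _
    "文件系统", _
    "审核策略更改", _
    "身份验证策略更改", _
    " 敏感权限使用               ", _
    "其他系统事件", _
    "安全状态更改", _
    "系统完整性")
arrAuditLabels = Array( _
    "Credential Vaildation", _
    "Kerberos Authentication Service", _
    "Computer Account Management", _
    "Security Group Management", _
    "User Account Management", _
    "Directory Service Changes", _
    "Logon", _
    "Network Policy Server", _
    "Special Logon", _
    "File System", _
    "Audit Policy Change", _
    "Authentication Policy Change", _
    "Sensitive Privilege use", _
    "Other System Events", _
    "Security State Change", _
    "System Integrity")

' Read until end of stream rather than polling Status first: the full
' category listing can fill the output pipe, and waiting for exit before
' reading would then hang both processes.
Set objAudit = CreateObject("WScript.Shell").Exec("%COMSPEC% /c auditpol /get /category:*")
intAuditHits = 0

Do Until objAudit.StdOut.AtEndOfStream
    strAuditLine = objAudit.StdOut.ReadLine()
    ' The first matching key wins, as in an If/ElseIf chain.
    For i = 0 To UBound(arrAuditKeys)
        If InStr(strAuditLine, arrAuditKeys(i)) > 0 Then
            intAuditHits = intAuditHits + 1
            blnBoth = (InStr(strAuditLine, "成功和失败") > 0)
            If arrAuditKeys(i) = "  特殊登录" Then
                ' NOTE(review): this baseline reports Success and Failure on
                ' Special Logon as not comply; confirm that is intended.
                If blnBoth Then
                    WScript.Echo "Special Logon Success and Failure(not comply)"
                ElseIf InStr(strAuditLine, "成功") > 0 Then
                    WScript.Echo "Special Logon Success(comply)"
                Else
                    WScript.Echo "Special Logon not Success(not comply)"
                End If
            ElseIf blnBoth Then
                WScript.Echo arrAuditLabels(i) & " Success and Failure(comply)"
            Else
                WScript.Echo arrAuditLabels(i) & " not Success and Failure(not comply)"
            End If
            Exit For
        End If
    Next
Loop

' No match at all means auditpol failed (not elevated) or printed names in
' another display language. Say so instead of printing an empty section.
If intAuditHits = 0 Then
    WScript.Echo "audit policy could not be evaluated, no auditpol subcategory matched(not comply)"
End If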

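' Reads one value from an INI-style file saved as UTF-16 (the encoding that
' "Unicode" selects in ADODB.Stream).
'   strIniFilePath - path of the file
'   strPrimary     - section name without the brackets
'   strSubKey      - key name, matched as a whole, case-insensitively
' Returns the trimmed text after the first "=" of the matching line. The
' result stays Empty when the section or key is not found, so callers can
' tell a missing setting from a real value.
Function ReadInI(strIniFilePath, strPrimary, strSubKey)
    Dim objStream, strText, arrText, strLine, blnInSection, intEq

    Set objStream = CreateObject("ADODB.Stream")
    With objStream
        .Type = 2            ' text stream
        .Mode = 3            ' read/write
        .Open
        .Charset = "Unicode"
        .LoadFromFile strIniFilePath
        strText = .ReadText
        .Close
    End With
    Set objStream = Nothing

    blnInSection = False
    arrText = Split(strText, vbCrLf)
    For Each strLine In arrText
        If Not blnInSection Then
            If Trim(strLine) = "[" & strPrimary & "]" Then
                blnInSection = True
            End If
        Else
            ' The next section header ends the search.
            If Left(strLine, 1) = "[" Then Exit For
            intEq = InStr(strLine, "=")
            If intEq > 0 Then
                ' Compare the whole key. A substring test would also accept
                ' any longer key that merely contains strSubKey.
                If StrComp(Trim(Left(strLine, intEq - 1)), strSubKey, vbTextCompare) = 0 Then
                    ReadInI = Trim(Mid(strLine, intEq + 1))
                    Exit For
                End If
            End If
        End If
    Next
End Function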

=================================

安全检查, 等保, 脚本
