CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 01:02:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: add currentsetting

Browse Source
This commit is contained in:
fukusuket
2025-05-16 18:29:05 +09:00
parent 3daf3bb055
commit 0cd793dbcb
1 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
WELA.ps1
View File

@@ -1586,11 +1586,11 @@ function GuideASD {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New(
"PowerShell",
"Module",
$auditpol[$guid],
$current,
[array]$rules,
"No Auditing",
"Enabled",
@@ -1605,11 +1605,11 @@ function GuideASD {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New(
"PowerShell",
"ScriptBlock",
$auditpol[$guid],
$current,
[array]$rules,
"Patially",
"Enabled",
@@ -2784,11 +2784,11 @@ function GuideMSC {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New(
"PowerShell",
"Module",
$auditpol[$guid],
$current,
[array]$rules,
"No Auditing",
"",
@@ -2803,11 +2803,11 @@ function GuideMSC {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New(
"PowerShell",
"ScriptBlock",
$auditpol[$guid],
$current,
[array]$rules,
"Patially",
"",
@@ -3982,11 +3982,11 @@ function GuideMSS {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New(
"PowerShell",
"Module",
$auditpol[$guid],
$current,
[array]$rules,
"No Auditing",
"",
@@ -4001,11 +4001,11 @@ function GuideMSS {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New(
"PowerShell",
"ScriptBlock",
$auditpol[$guid],
$current,
[array]$rules,
"Patially",
"",