feat: add currentsetting

fukusuket
2025-05-16 18:29:05 +09:00
parent 3daf3bb055
commit 0cd793dbcb


@@ -1586,11 +1586,11 @@ function GuideASD {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid } $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled } $rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New( $auditResult += [WELA]::New(
"PowerShell", "PowerShell",
"Module", "Module",
$auditpol[$guid], $current,
[array]$rules, [array]$rules,
"No Auditing", "No Auditing",
"Enabled", "Enabled",
@@ -1605,11 +1605,11 @@ function GuideASD {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid } $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled } $rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New( $auditResult += [WELA]::New(
"PowerShell", "PowerShell",
"ScriptBlock", "ScriptBlock",
$auditpol[$guid], $current,
[array]$rules, [array]$rules,
"Patially", "Patially",
"Enabled", "Enabled",
@@ -2784,11 +2784,11 @@ function GuideMSC {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid } $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled } $rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New( $auditResult += [WELA]::New(
"PowerShell", "PowerShell",
"Module", "Module",
$auditpol[$guid], $current,
[array]$rules, [array]$rules,
"No Auditing", "No Auditing",
"", "",
@@ -2803,11 +2803,11 @@ function GuideMSC {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid } $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled } $rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New( $auditResult += [WELA]::New(
"PowerShell", "PowerShell",
"ScriptBlock", "ScriptBlock",
$auditpol[$guid], $current,
[array]$rules, [array]$rules,
"Patially", "Patially",
"", "",
@@ -3982,11 +3982,11 @@ function GuideMSS {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid } $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled } $rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New( $auditResult += [WELA]::New(
"PowerShell", "PowerShell",
"Module", "Module",
$auditpol[$guid], $current,
[array]$rules, [array]$rules,
"No Auditing", "No Auditing",
"", "",
@@ -4001,11 +4001,11 @@ function GuideMSS {
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid } $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled } $rules | ForEach-Object { $_.applicable = $enabled }
$current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New( $auditResult += [WELA]::New(
"PowerShell", "PowerShell",
"ScriptBlock", "ScriptBlock",
$auditpol[$guid], $current,
[array]$rules, [array]$rules,
"Patially", "Patially",
"", "",
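Review bot: The new `$current = if ($enabled) { "Enabled" } else { "Disabled" }` line, repeated in all six hunks (Module and ScriptBlock in GuideASD, GuideMSC and GuideMSS), reports "Disabled" whenever the single `CheckRegistryValue` read above it is not 1, so an absent or unconfigured policy is shown the same as one explicitly turned off. For ScriptBlock this contradicts the default column printed next to it (`"Patially"`), because a host without the policy still falls back to that default rather than to no logging. The only read visible in these hunks is under `Wow6432Node`; unless the native `HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\...` key is also consulted outside the hunk, a 64-bit host with the policy set there would presumably be reported as "Disabled" as well. I would make the fallback explicit, e.g. `$current = if ($enabled) { "Enabled" } else { "Not configured (default applies)" }`, and move the expression into one small helper so the six call sites cannot drift. The enclosing Guide* functions and the `[WELA]::New(` calls start and end outside the hunks, so this is based only on the visible lines.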