CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 09:12:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: add Set-RegistryConfig function for streamlined registry configuration in WELA.ps1

Browse Source
This commit is contained in:
fukusuket
2025-11-08 09:15:46 +09:00
parent a6b07b5f1a
commit 22b469cb5e
1 changed files with 57 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
WELA.ps1
View File

@@ -5510,6 +5510,51 @@ function UpdateRules {
} }
} }
function Set-RegistryConfig {
param (
[Parameter(Mandatory = $true)]
[array]$RegPaths,
[Parameter(Mandatory = $false)]
[switch]$Auto
)
foreach ($reg in $RegPaths) {
try {
$currentValue = "Not Set"
if (Test-Path $reg.Path) {
$prop = Get-ItemProperty -Path $reg.Path -Name $reg.Name -ErrorAction SilentlyContinue
if ($prop) {
$currentValue = $prop.$($reg.Name)
}
}
Write-Host "Registry: $($reg.Path) Value: $($reg.Name)"
if ($currentValue -eq $reg.Value) {
Write-Host "[SKIPPED] $($reg.Name) : Already set to $($reg.Value)." -ForegroundColor Yellow
Write-Host ""
continue
}
if ($Auto) {
$response = "Y"
} else {
$response = Read-Host "Your current setting is $currentValue. Do you want to change it to $( $reg.Value )? (Y/n)"
}
if ($response -eq "" -or $response -eq "Y" -or $response -eq "y") {
New-Item -Path $reg.Path -Force | Out-Null
Set-ItemProperty -Path $reg.Path -Name $reg.Name -Value $reg.Value -Type DWord
Write-Host "[OK] Set $($reg.Name)" -ForegroundColor Green
} else {
Write-Host "[SKIPPED] $($reg.Name)" -ForegroundColor Yellow
}
}
catch {
Write-Host "[ERROR] Failed to set registry: $_" -ForegroundColor Red
}
Write-Host ""
}
}
function ConfigureAuditSettings { function ConfigureAuditSettings {
param ( param (
[string] $Baseline = "YamatoSecurity", [string] $Baseline = "YamatoSecurity",
@@ -5663,40 +5708,7 @@ function ConfigureAuditSettings {
@{Path = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging"; Name = "EnableModuleLogging"; Value = 1}, @{Path = "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging"; Name = "EnableModuleLogging"; Value = 1},
@{Path = "HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"; Name = "EnableScriptBlockLogging"; Value = 1} @{Path = "HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging"; Name = "EnableScriptBlockLogging"; Value = 1}
) )
Set-RegistryConfig -RegPaths $regPaths -Auto:$Auto
foreach ($reg in $regPaths) {
try {
$currentValue = "Not Set"
if (Test-Path $reg.Path) {
$prop = Get-ItemProperty -Path $reg.Path -Name $reg.Name -ErrorAction SilentlyContinue
if ($prop) {
$currentValue = $prop.$($reg.Name)
}
}
Write-Host "Registry: $($reg.Path) Value: $($reg.Name)"
if ($currentValue -eq $reg.Value) {
Write-Host "[SKIPPED] $($reg.Name) : Already set to $($reg.Value)." -ForegroundColor Yellow
Write-Host ""
continue
}
if ($Auto) {
$response = "Y"
} else {
$response = Read-Host "Your current setting is $currentValue. Do you want to change it to $( $reg.Value )? (Y/n)"
}
if ($response -eq "" -or $response -eq "Y" -or $response -eq "y") {
New-Item -Path $reg.Path -Force | Out-Null
Set-ItemProperty -Path $reg.Path -Name $reg.Name -Value $reg.Value -Type DWord
Write-Host "[OK] Set $($reg.Name)" -ForegroundColor Green
} else {
Write-Host "[SKIPPED] $($reg.Name)" -ForegroundColor Yellow
}
}
catch {
Write-Host "[ERROR] Failed to set registry: $_" -ForegroundColor Red
}
Write-Host ""
}
# モジュール名レジストリの設定 # モジュール名レジストリの設定
try { try {
@@ -5789,6 +5801,16 @@ function ConfigureAuditSettings {
} }
Write-Host "" Write-Host ""
# NTLM認証の監査設定
Write-Host "Configuring NTLM Audit Settings..."
Write-Host ""
$regPaths = @(
@{Path = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0"; Name = "RestrictSendingNTLMTraffic"; Value = 2},
@{Path = "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0"; Name = "AuditReceivingNTLMTraffic"; Value = 2},
@{Path = "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters"; Name = "AuditNTLMInDomain"; Value = 2}
)
Set-RegistryConfig -RegPaths $regPaths -Auto:$Auto
# 監査ポリシーの設定 # 監査ポリシーの設定
Write-Host "Configuring Audit Policies..." Write-Host "Configuring Audit Policies..."
Write-Host "" Write-Host ""
@@ -5797,6 +5819,7 @@ function ConfigureAuditSettings {
@{Category = "Account Logon"; Name = "Kerberos Authentication Service"; GUID = "0CCE9242-69AE-11D9-BED3-505054503030"}, @{Category = "Account Logon"; Name = "Kerberos Authentication Service"; GUID = "0CCE9242-69AE-11D9-BED3-505054503030"},
@{Category = "Account Logon"; Name = "Kerberos Service Ticket Operations"; GUID = "0CCE9240-69AE-11D9-BED3-505054503030"}, @{Category = "Account Logon"; Name = "Kerberos Service Ticket Operations"; GUID = "0CCE9240-69AE-11D9-BED3-505054503030"},
@{Category = "Account Management"; Name = "Computer Account Management"; GUID = "0CCE9236-69AE-11D9-BED3-505054503030"}, @{Category = "Account Management"; Name = "Computer Account Management"; GUID = "0CCE9236-69AE-11D9-BED3-505054503030"},
@{Category = "Account Management"; Name = "Distribution Group Management"; GUID = "0CCE9238-69AE-11D9-BED3-505054503030"},
@{Category = "Account Management"; Name = "Other Account Management Events"; GUID = "0CCE923A-69AE-11D9-BED3-505054503030"}, @{Category = "Account Management"; Name = "Other Account Management Events"; GUID = "0CCE923A-69AE-11D9-BED3-505054503030"},
@{Category = "Account Management"; Name = "Security Group Management"; GUID = "0CCE9237-69AE-11D9-BED3-505054503030"}, @{Category = "Account Management"; Name = "Security Group Management"; GUID = "0CCE9237-69AE-11D9-BED3-505054503030"},
@{Category = "Account Management"; Name = "User Account Management"; GUID = "0CCE9235-69AE-11D9-BED3-505054503030"}, @{Category = "Account Management"; Name = "User Account Management"; GUID = "0CCE9235-69AE-11D9-BED3-505054503030"},