CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 09:12:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: enhance WELA.ps1 to handle empty Baseline parameter and update help messages for audit commands

Browse Source
This commit is contained in:
fukusuket
2025-10-25 09:03:00 +09:00
parent f920e9aaf6
commit 32183f0592
1 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
WELA.ps1
View File

@@ -5315,6 +5315,10 @@ function Export-MitreHeatmap {
function AuditFileSize { function AuditFileSize {
param (
[string] $Baseline = "YamatoSecurity"
)
# 対象のイベントログ名をハッシュテーブル化 # 対象のイベントログ名をハッシュテーブル化
$logNames = @{ $logNames = @{
"Application" = @("20 MB", "128 MB+") "Application" = @("20 MB", "128 MB+")
@@ -5437,8 +5441,6 @@ function ConfigureAuditSettings {
exit 1 exit 1
} }
$autidpolTxt = "./auditpol.txt" $autidpolTxt = "./auditpol.txt"
if (-not $debug) { if (-not $debug) {
Start-Process -FilePath "cmd.exe" -ArgumentList "/c chcp 437 & auditpol /get /category:* /r" -NoNewWindow -Wait -RedirectStandardOutput $autidpolTxt Start-Process -FilePath "cmd.exe" -ArgumentList "/c chcp 437 & auditpol /get /category:* /r" -NoNewWindow -Wait -RedirectStandardOutput $autidpolTxt
@@ -5814,7 +5816,7 @@ Write-Host $logo -ForegroundColor Green
switch ($Cmd.ToLower()) { switch ($Cmd.ToLower()) {
"audit-settings" { "audit-settings" {
if ($Help) { if ($Help -or [string]::IsNullOrEmpty($Baseline)){
Write-Host "Audit current Windows Event Log settings and compare with baseline" Write-Host "Audit current Windows Event Log settings and compare with baseline"
Write-Host "" Write-Host ""
Write-Host "Usage: ./WELA.ps1 audit-settings -Baseline <YamatoSecurity|ASD|Microsoft_Client|Microsoft_Server> [-OutType <std|gui|table>]" Write-Host "Usage: ./WELA.ps1 audit-settings -Baseline <YamatoSecurity|ASD|Microsoft_Client|Microsoft_Server> [-OutType <std|gui|table>]"
@@ -5825,9 +5827,6 @@ switch ($Cmd.ToLower()) {
Write-Host "" Write-Host ""
return return
} }
if ([string]::IsNullOrEmpty($Baseline)) {
$Baseline = "YamatoSecurity"
}
$validGuides = @("YamatoSecurity", "ASD", "Microsoft_Client", "Microsoft_Server") $validGuides = @("YamatoSecurity", "ASD", "Microsoft_Client", "Microsoft_Server")
if (-not ($validGuides -contains $Baseline.ToLower())) { if (-not ($validGuides -contains $Baseline.ToLower())) {
Write-Host "Invalid Guide specified. Valid options are: YamatoSecurity, ASD, Microsoft_Client, Microsoft_Server." Write-Host "Invalid Guide specified. Valid options are: YamatoSecurity, ASD, Microsoft_Client, Microsoft_Server."
@@ -5836,7 +5835,7 @@ switch ($Cmd.ToLower()) {
AuditLogSetting $OutType $Baseline $Debug AuditLogSetting $OutType $Baseline $Debug
} }
"audit-filesize" { "audit-filesize" {
if ($Help) { if ($Help -or [string]::IsNullOrEmpty($Baseline)){
Write-Host "Audit current Windows Event Log file sizes" Write-Host "Audit current Windows Event Log file sizes"
Write-Host "" Write-Host ""
Write-Host "Usage: ./WELA.ps1 audit-filesize -Baseline <YamatoSecurity>" Write-Host "Usage: ./WELA.ps1 audit-filesize -Baseline <YamatoSecurity>"
@@ -5846,11 +5845,11 @@ switch ($Cmd.ToLower()) {
Write-Host "" Write-Host ""
return return
} }
AuditFileSize AuditFileSize $Baseline
} }
"configure" { "configure" {
if ($Help) { if ($Help -or [string]::IsNullOrEmpty($Baseline)){
Write-Host "Configure Windows Event Log audit settings based on specified baseline" Write-Host "Configure Windows Event Log audit settings based on specified baseline"
Write-Host "" Write-Host ""
Write-Host "Usage: ./WELA.ps1 configure -Baseline <YamatoSecurity> [-Auto]" Write-Host "Usage: ./WELA.ps1 configure -Baseline <YamatoSecurity> [-Auto]"