CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 09:12:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: check size setting

Browse Source
This commit is contained in:
fukusuket
2025-04-17 23:44:26 +09:00
parent ad54ac54d7
commit 5cfff69738
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
WELA.ps1
View File

@@ -1440,7 +1440,7 @@ function AuditFileSize {
"Microsoft-Windows-Bits-Client/Operational" = @("1MB", "128MB+") "Microsoft-Windows-Bits-Client/Operational" = @("1MB", "128MB+")
"Microsoft-Windows-CodeIntegrity/Operational" = @("1MB", "128MB+") "Microsoft-Windows-CodeIntegrity/Operational" = @("1MB", "128MB+")
"Microsoft-Windows-DriverFrameworks-UserMode/Operational" = @("1MB", "128MB+") "Microsoft-Windows-DriverFrameworks-UserMode/Operational" = @("1MB", "128MB+")
"Microsoft-Windows-PowerShell/Operational" = @("20MB", "TBD") "Microsoft-Windows-PowerShell/Operational" = @("20MB", "256MB+")
"Microsoft-Windows-PrintService/Admin" = @("1MB", "128MB+") "Microsoft-Windows-PrintService/Admin" = @("1MB", "128MB+")
"Microsoft-Windows-PrintService/Operational" = @("1MB", "128MB+") "Microsoft-Windows-PrintService/Operational" = @("1MB", "128MB+")
"Microsoft-Windows-Security-Mitigations/KernelMode" = @("1MB", "128MB+") "Microsoft-Windows-Security-Mitigations/KernelMode" = @("1MB", "128MB+")
@@ -1452,7 +1452,7 @@ function AuditFileSize {
"Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" = @("1MB", "256MB+") "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" = @("1MB", "256MB+")
"Security" = @("20MB", "256MB+") "Security" = @("20MB", "256MB+")
"System" = @("20MB", "128MB+") "System" = @("20MB", "128MB+")
"Windows PowerShell" = @("15MB", "TBD") "Windows PowerShell" = @("15MB", "256MB+")
} }
$results = @() $results = @()
@@ -1461,10 +1461,10 @@ function AuditFileSize {
$logInfo = Get-WinEvent -ListLog $logName -ErrorAction Stop $logInfo = Get-WinEvent -ListLog $logName -ErrorAction Stop
$results += [PSCustomObject]@{ $results += [PSCustomObject]@{
LogName = $logInfo.LogName LogName = $logInfo.LogName
LogSize = "{0:N2} MB" -f ($logInfo.FileSize / 1MB) CurrentLogSize = "{0:N2} MB" -f ($logInfo.FileSize / 1MB)
MaxLogSize = "{0:N2} MB" -f ($logInfo.MaximumSizeInBytes / 1MB) MaxLogSize = "{0:N2} MB" -f ($logInfo.MaximumSizeInBytes / 1MB)
Description1 = $logNames[$logName][0] # Default = $logNames[$logName][0] #
Description2 = $logNames[$logName][1] # Recommended = $logNames[$logName][1] #
} }
} }