CSEC_PUBLIC/WELA
1
0
Fork 0
mirror of https://github.com/Yamato-Security/WELA.git synced 2025-12-06 09:12:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: set ideal property to true for PowerShell rules in WELA.ps1

Browse Source
This commit is contained in:
fukusuket
2025-10-13 19:50:47 +09:00
parent 980ed41f84
commit f132e167de
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
WELA.ps1
View File

@@ -397,7 +397,7 @@ function GuideYamatoSecurity
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ModuleLogging" -valueName "EnableModuleLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid } $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled } $rules | ForEach-Object { $_.applicable = $enabled }
$rules | ForEach-Object { $_.ideal = $enabled } $rules | ForEach-Object { $_.ideal = $true }
$current = if ($enabled) { "Enabled" } else { "Disabled" } $current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New( $auditResult += [WELA]::New(
"PowerShell", "PowerShell",
@@ -417,7 +417,7 @@ function GuideYamatoSecurity
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1 $enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging" -valueName "EnableScriptBlockLogging" -expectedValue 1
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid } $rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
$rules | ForEach-Object { $_.applicable = $enabled } $rules | ForEach-Object { $_.applicable = $enabled }
$rules | ForEach-Object { $_.ideal = $enabled } $rules | ForEach-Object { $_.ideal = $true }
$current = if ($enabled) { "Enabled" } else { "Disabled" } $current = if ($enabled) { "Enabled" } else { "Disabled" }
$auditResult += [WELA]::New( $auditResult += [WELA]::New(
"PowerShell", "PowerShell",