mysql等保测评命令_安全计算环境-二级等级保护测评指导
自动化脚本
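@echo off
rem ---------------------------------------------------------------------------
rem Windows host evidence collector for a classified-protection (等级保护)
rem assessment. It appends the output of built-in tools (systeminfo, ipconfig,
rem netstat, net, tasklist, reg query, secedit) to one report file inside a
rem directory named after the host's default-route interface address.
rem
rem Run from an elevated prompt: secedit /export and reg save need
rem administrator rights.
rem
rem Restored from a damaged copy: the line breaks were collapsed, unrelated
rem text was mixed in, and tokens such as set, secedit, user, pause and Classes
rem had lost a lowercase "se". Two file names did not survive at all, so the
rem ones below are constructed for this listing:
rem   Report  - %IPaddress%.txt (extension assumed)
rem   SecCfg  - secedit_export.inf (the original wrote to a file under C:\)
rem The echo labels are written with standard CJK characters instead of the
rem radical-form look-alikes in the damaged copy.
rem
rem Locale note: "默认" and "命令成功完成。" match Chinese-language tool output;
rem save the file in the console code page so these literals still match.
rem ---------------------------------------------------------------------------

rem Clear any stale value so a missing default route is detected below.
set "IPaddress="
rem Token 4 of the default-route line is the interface address; the literal
rem "默认" is skipped because findstr can also match a line whose fourth field
rem is that word rather than an address.
for /f "tokens=4" %%a in ('route print^|findstr 0.0.0.0.*0.0.0.0') do (
  if not "%%a" == "默认" set IPaddress=%%a
)
if not defined IPaddress (
  echo No default route found; cannot derive the output directory name. 1>&2
  exit /b 1
)

rem /d also switches drive, so the output lands on C: whatever the start drive.
cd /d C:\
if not exist "%IPaddress%\" md "%IPaddress%"
cd "%IPaddress%" || exit /b 1

rem A directory created under C:\ inherits ACEs that let ordinary local users
rem read it. The report and the hive copies saved at the end are sensitive, so
rem limit the directory to Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18).
rem SIDs are used because group names are localized.
icacls "%CD%" /inheritance:r /grant:r "*S-1-5-32-544:(OI)(CI)F" "*S-1-5-18:(OI)(CI)F" >nul
if errorlevel 1 echo WARNING: could not restrict access to %CD% 1>&2

set "Report=%IPaddress%.txt"
set "SecCfg=%CD%\secedit_export.inf"

echo 1.系统信息(CreatedbyG) > "%Report%"
systeminfo >> "%Report%"

echo 2.网卡信息(CreatedbyG) >> "%Report%"
ipconfig >> "%Report%"

echo 3.监听端口(CreatedbyG) >> "%Report%"
netstat -an | find "LISTENING" >> "%Report%"

echo 4.系统服务(CreatedbyG) >> "%Report%"
net start >> "%Report%"

echo 5.系统进程(CreatedbyG) >> "%Report%"
tasklist >> "%Report%"

echo 6.软件列表(CreatedbyG) >> "%Report%"
rem Lists each vendor key under HKLM\SOFTWARE and its direct subkeys.
rem Classes is skipped for the subkey listing. The inner key is quoted so that
rem names containing spaces are passed to reg query as one argument.
for /f "tokens=3 delims=\" %%i in ('reg query HKLM\SOFTWARE') do (
  >> "%Report%" echo ******************
  >> "%Report%" echo 软件名称:%%i
  >> "%Report%" echo ******************
  if not "%%i"=="Classes" for /f "tokens=4 delims=\" %%j in ('reg query "HKLM\SOFTWARE\%%i" 2^>nul') do (
    >> "%Report%" echo 软件信息: %%j
  )
)

echo 7.本地策略(CreatedbyG) >> "%Report%"
rem Export the local security policy once, then pick individual settings out
rem of the export with find. The first find prints a file-name banner, which
rem the second find filters away.
secedit /export /cfg "%SecCfg%"

echo ---密码策略--- >> "%Report%"
echo "0表示禁用,1表示启用" >> "%Report%"
echo *密码必须符合复杂性要求* >> "%Report%"
find "PasswordComplexity" "%SecCfg%" | find "PasswordComplexity = " >> "%Report%"
echo *密码长度最小值* >> "%Report%"
find "MinimumPasswordLength" "%SecCfg%" | find "MinimumPasswordLength = " >> "%Report%"
echo *密码最短使用期限* >> "%Report%"
find "MinimumPasswordAge" "%SecCfg%" | find "MinimumPasswordAge = " >> "%Report%"
echo *密码最长使用期限* >> "%Report%"
find "MaximumPasswordAge" "%SecCfg%" | find "MaximumPasswordAge = " >> "%Report%"
echo *强制密码历史* >> "%Report%"
find "PasswordHistorySize" "%SecCfg%" | find "PasswordHistorySize = " >> "%Report%"
echo *用可还原的加密来存储密码* >> "%Report%"
find "ClearTextPassword" "%SecCfg%" | find "ClearTextPassword = " >> "%Report%"

echo ---账户锁定策略(无结果表示未开启)--- >> "%Report%"
echo *账户锁定时间* >> "%Report%"
find "LockoutDuration" "%SecCfg%" | find "LockoutDuration" >> "%Report%"
echo *复位账户锁定计时器* >> "%Report%"
find "ResetLockoutCount" "%SecCfg%" | find "ResetLockoutCount" >> "%Report%"
echo *账户锁定阈值* >> "%Report%"
find "LockoutBadCount" "%SecCfg%" | find "LockoutBadCount" >> "%Report%"

echo ---审核策略--- >> "%Report%"
echo ---0表示无审核,1表示成功审核,2表示失败审核,3表示成功和失败审核--- >> "%Report%"
echo *审核帐户管理* >> "%Report%"
find "AuditAccountManage" "%SecCfg%" | find "AuditAccountManage" >> "%Report%"
echo *审核帐户登录事件* >> "%Report%"
find "AuditAccountLogon" "%SecCfg%" | find "AuditAccountLogon" >> "%Report%"
echo *审核系统事件* >> "%Report%"
find "AuditSystemEvents" "%SecCfg%" | find "AuditSystemEvents" >> "%Report%"
echo *审核目录服务访问* >> "%Report%"
find "AuditDSAccess" "%SecCfg%" | find "AuditDSAccess" >> "%Report%"
echo *审核过程跟踪* >> "%Report%"
find "AuditProcessTracking" "%SecCfg%" | find "AuditProcessTracking" >> "%Report%"
echo *审核特权使用* >> "%Report%"
find "AuditPrivilegeUse" "%SecCfg%" | find "AuditPrivilegeUse" >> "%Report%"
echo *审核对象访问* >> "%Report%"
find "AuditObjectAccess" "%SecCfg%" | find "AuditObjectAccess" >> "%Report%"
echo *审核登录事件* >> "%Report%"
find "AuditLogonEvents" "%SecCfg%" | find "AuditLogonEvents" >> "%Report%"
echo *审核策略更改* >> "%Report%"
find "AuditPolicyChange" "%SecCfg%" | find "AuditPolicyChange" >> "%Report%"

echo ---安全选项--- >> "%Report%"
echo *0表示已停用,1表示已启用* >> "%Report%"
echo *在挂起会话之前所需的空闲时间* >> "%Report%"
find "AutoDisconnect" "%SecCfg%" | find "AutoDisconnect" >> "%Report%"
echo *不显示上次登录的用户名* >> "%Report%"
find "DontDisplayLastUserName" "%SecCfg%" | find "DontDisplayLastUserName" >> "%Report%"
echo *关机前清理虚拟内存页面* >> "%Report%"
find "ClearPageFileAtShutdown" "%SecCfg%" | find "ClearPageFileAtShutdown" >> "%Report%"
echo *允许在未登录前关机* >> "%Report%"
find "ShutdownWithoutLogon" "%SecCfg%" | find "ShutdownWithoutLogon" >> "%Report%"

echo ---用户权利分配--- >> "%Report%"
rem Legend for the SIDs that appear in the user-rights lines below.
echo (Everyone:*S-1-1-0 Administrators:*S-1-5-32-544 Users:*S-1-5-32-545 Power Users:*S-1-5-32-547 Backup Operators:*S-1-5-32-551) >> "%Report%"
echo *从远程系统强制关机* >> "%Report%"
find "SeRemoteShutdownPrivilege" "%SecCfg%" | find "SeRemoteShutdownPrivilege" >> "%Report%"
echo *取得文件或其他对象所有权* >> "%Report%"
find "SeTakeOwnershipPrivilege" "%SecCfg%" | find "SeTakeOwnershipPrivilege" >> "%Report%"
echo *从本地登录此计算机* >> "%Report%"
find "SeInteractiveLogonRight" "%SecCfg%" | find "SeInteractiveLogonRight" >> "%Report%"
echo *允许通过远程桌面服务登录* >> "%Report%"
find "SeRemoteInteractiveLogonRight" "%SecCfg%" | find "SeRemoteInteractiveLogonRight" >> "%Report%"
echo *调试程序* >> "%Report%"
find "SeDebugPrivilege" "%SecCfg%" | find "SeDebugPrivilege" >> "%Report%"
echo *更改系统时间* >> "%Report%"
find "SeSystemtimePrivilege" "%SecCfg%" | find "SeSystemtimePrivilege" >> "%Report%"
echo *管理审核和安全日志* >> "%Report%"
find "SeSecurityPrivilege" "%SecCfg%" | find "SeSecurityPrivilege" >> "%Report%"

rem The policy export is only an intermediate file; remove it once parsed.
del "%SecCfg%"

echo 8.系统用户(CreatedbyG) >> "%Report%"
net user >> "%Report%"
rem Skip the four header lines of "net user" and its trailing status line,
rem then print the details of every account name found on the remaining rows.
for /f "skip=4 delims=" %%a in ('net user^|findstr /vx "命令成功完成。"') do for %%i in (%%a) do net user %%i >> "%Report%"
net localgroup >> "%Report%"
net localgroup Administrators >> "%Report%"
net localgroup Guests >> "%Report%"

echo 9.其它选项(CreatedbyG) >> "%Report%"
echo *自动播放* (0xff为关闭全部自动播放,无结果则开启) >> "%Report%"
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun | find "NoDriveTypeAutoRun" >> "%Report%"

rem NOTE(review): the HKEY_CURRENT_USER values describe only the account that
rem runs the script, not every user of the host.
echo ---屏幕保护程序--- >> "%Report%"
echo *是否开启屏保* (0关,1开)>> "%Report%"
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive | find "ScreenSaveActive" >> "%Report%"
echo *屏保时间*(单位秒)>> "%Report%"
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeOut | find "ScreenSaveTimeOut" >> "%Report%"
echo *屏保恢复时使用密码保护* (0否,1是)>> "%Report%"
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaverIsSecure | find "ScreenSaverIsSecure" >> "%Report%"

echo *防火墙状态*(1开,0关)>> "%Report%"
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v EnableFirewall | find "EnableFirewall" >> "%Report%"
echo *远程桌面* (0开,1关) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections | find "fDenyTSConnections" >> "%Report%"
echo *3389端口* (d3d:3389) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber | find "PortNumber" >> "%Report%"
echo *远程协助* (0关(合规),1开) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Remote Assistance" /v fAllowToGetHelp | find "fAllowToGetHelp" >> "%Report%"

rem NOTE(review): these queries read ControlSet001, as the page does; confirm
rem that it is the control set the host currently boots from.
echo *日志文件大小* >> "%Report%"
echo *应用日志文件大小*(0x2800000以上为合规) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application" /v MaxSize | find "MaxSize" >> "%Report%"
echo *达到事件日志最大大小时*(不存在或0均合规) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application" /v Retention | find "Retention" >> "%Report%"
echo *安全日志文件大小*(0x2800000以上为合规) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security" /v MaxSize | find "MaxSize" >> "%Report%"
echo *达到事件日志最大大小时*(不存在或0均合规) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security" /v Retention | find "Retention" >> "%Report%"
echo *系统日志文件大小*(0x2800000以上为合规) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System" /v MaxSize | find "MaxSize" >> "%Report%"
echo *达到事件日志最大大小时*(不存在或0均合规) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System" /v Retention | find "Retention" >> "%Report%"

echo *默认共享*(注册表 + net share查看) >> "%Report%"
echo *分区共享*(存在且为0,为合规) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareServer | find "AutoShareServer" >> "%Report%"
echo *ADMIN共享*(存在且为0,为合规) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareWks | find "AutoShareWks" >> "%Report%"
echo *IPC共享* (存在且为1,为合规) >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous | find "restrictanonymous" >> "%Report%"
echo *共享列表* >> "%Report%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\shares" >> "%Report%"
echo *默认共享* >> "%Report%"
net share >> "%Report%"

rem Keep a copy of the Windows Update log next to the report.
copy C:\Windows\WindowsUpdate.log .\
ren WindowsUpdate.log %IPaddress%.updatelog

rem NOTE(review): together, the SAM and SYSTEM hive copies hold the local
rem account password hashes and the key material needed to read them offline.
rem They are far more sensitive than the rest of the evidence. Save them only
rem when the assessment scope explicitly calls for it, keep the directory ACL
rem set above in place, move the files only over an encrypted channel, and
rem delete them from the host and the transfer media once analysed.
reg save hklm\sam %IPaddress%.sam
reg save hklm\system %IPaddress%.system

pause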