From cd1943928e1d93dec6e376ec2b9a9958a2785a30 Mon Sep 17 00:00:00 2001 From: pstepan Date: Thu, 25 Jul 2024 10:57:41 +0200 Subject: [PATCH] feat: Add firewall configuration and server roles information --- start-audit.ps1 | 144 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 135 insertions(+), 9 deletions(-) diff --git a/start-audit.ps1 b/start-audit.ps1 index e8b2b28..aa55553 100644 --- a/start-audit.ps1 +++ b/start-audit.ps1 @@ -27,7 +27,8 @@ param( [string[]]$Target = $env:COMPUTERNAME, - [switch]$Verbose + [switch]$Verbose, + [string]$Path ) #refion Set Environment @@ -90,7 +91,7 @@ function Get-GeneralInfo { $uptime = (Get-Date) - $OperatingSystem.ConvertToDateTime($OperatingSystem.Lastbootuptime) - $GeneralInfo = @{ + $GeneralInfo =[ordered] @{ "ComputerName" = $ComputerSystem.Name "OS" = $OperatingSystem.Caption "OS Version" = $OperatingSystem.Version @@ -115,8 +116,8 @@ function Get-HardwareInfo { $Disk = Get-WmiObject -computername $Target Win32_LogicalDisk $LogicalDrives = @() - Foreach ($LDrive in ($Disk | Where {$_.DriveType -eq 3})){ - $Details = @{ + Foreach ($LDrive in ($Disk | Where-Object {$_.DriveType -eq 3})){ + $Details = [pscustomobject] @{ "Drive Letter" = $LDrive.DeviceID "Label" = $LDrive.VolumeName "File System" = $LDrive.FileSystem @@ -127,7 +128,7 @@ function Get-HardwareInfo { $LogicalDrives += $Details } - $HardwareInfo = @{ + $HardwareInfo = [ordered] @{ "Manufacturer" = $ComputerSystem.Manufacturer "Model" = $ComputerSystem.Model "Processor Cores" = $Processor.NumberOfCores @@ -149,7 +150,7 @@ function Get-NetworkConfiguration { $NetworkConfiguration = @() foreach ($Adapter in $NetworkAdapter) { $netAdapter = Get-WmiObject -computername $Target Win32_NetworkAdapter | Where-Object { $_.DeviceID -eq $adapter.Index } - $NetworkInfo = @{ + $NetworkInfo = [ordered] @{ "Interface Name" = $netAdapter.Name "IP Address" = ($Adapter.IPAddress -join ", ") "Subnet Mask" = ($Adapter.IPSubnet -join ", ") @@ -196,7 +197,7 @@ function Get-Roles { $Roles = Invoke-Command -ComputerName $Target -ScriptBlock { Get-WindowsFeature | Where-Object { $_.Installed -eq $true }} $RolesInfo = @() foreach ($role in $Roles) { - $RolesInfo += @{ + $RolesInfo += [pscustomobject]@{ "Role Name" = $role.Name "Description" = $role.Description "Status" = $role.InstallState @@ -212,7 +213,7 @@ function Get-LocalUserAdmins { [string]$Target ) $LocalUserAdmins = Invoke-Command -ComputerName $Target -ScriptBlock { - $SIDs = Get-LocalGroupMember -Group "Administrators" -ErrorAction SilentlyContinue | Where-Object {$_.PrincipalSource -eq "Local"} | Select SID + $SIDs = Get-LocalGroupMember -Group "Administrators" -ErrorAction SilentlyContinue | Where-Object {$_.PrincipalSource -eq "Local"} | Select-Object SID if ($SIDs){ $LocalAdmins = Get-LocalUser -SID $SIDs.SID.Value }else{ @@ -231,7 +232,7 @@ function Get-LocalUserAdmins { ([string]((Get-Date) - $user.PasswordLastSet).days) + " days ago" } - $LocalAdminsInfo += @{ + $LocalAdminsInfo += [pscustomobject]@{ "Username" = $user.Name "Display Name" = $user.FullName "Description" = $user.Description @@ -244,6 +245,41 @@ function Get-LocalUserAdmins { return $LocalAdminsInfo } + +function Get-InstalledApplication { + param( + [string]$Target + ) + #$InstalledApps = Get-WmiObject -Class Win32_Product -ComputerName $Target | Select-Object Name, Version, Vendor, InstallDate + $InstalledApps = Invoke-Command -ComputerName $Target -ScriptBlock { + $registryPaths = @( + "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", + "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", + "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" + ) + + $Apps = foreach ($path in $registryPaths) { + Get-ItemProperty -Path $path -ErrorAction SilentlyContinue | Where-Object { $_.DisplayName } | Select-Object @{Name='Name';Expression={$_.DisplayName}}, @{Name='Version';Expression={$_.DisplayVersion}}, @{Name='Publisher';Expression={$_.Publisher}}, @{Name='InstallDate';Expression={if ($_.InstallDate) { [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null) } else { $null }}} + } + + $Apps + } + + + return $InstalledApps | Select-Object Name, Version, Publisher, InstallDate +} + +<# function Get-WindowsUpdateSettings { + param( + [string]$Target + ) + $WindowsUpdateSettings = Invoke-Command -ComputerName $Target -ScriptBlock { + $WindowsUpdates = (New-Object -ComObject "Microsoft.Update.AutoUpdate").Settings + $WindowsUpdates + } + + return $WindowsUpdateSettings +} #> #endregion Write-Host " @@ -285,6 +321,11 @@ foreach ($server in $Target) { Write-Message -Type "Success" Write-Verbose ($FirewallConfiguration | Out-String) + Write-Message -Message "Collecting information abut local admins" + $LocalAdminsInfo = Get-LocalUserAdmins -Target $server + Write-Message -Type "Success" + Write-Verbose ($LocalAdminsInfo | Out-String) + Write-Message -Message "Collecting server roles information" if($GeneralInfo.'Domain Role Id' -ge 2) { $ServerRoles = Get-Roles -Target $server @@ -294,8 +335,93 @@ foreach ($server in $Target) { Write-Message -Type "Success" Write-Verbose ($ServerRoles | Out-String) + Write-Message -Message "Collecting installed applications" + $InstalledApplications = Get-InstalledApplication -Target $server + Write-Message -Type "Success" + Write-Verbose ($InstalledApplications| Out-String) + #region HTML Report + Write-Message -Message "Generating HTML report" + $dateTime = Get-Date -Format "yyyy-MM-dd_HH-mm-ss" + if(!$Path) { + $Path = $PSScriptRoot +"\" + $server + "_" + $dateTime + ".html" + } + + New-HTML -TitleText "$server $dateTime" -Online:$true -FilePath $Path -ShowHTML { + New-HTMLHeader { + New-HTMLSection -Invisible { + New-HTMLPanel -Invisible { + New-HTMLImage -Source 'https://git.totalservice.cz/public/MSClientOnBoarding/raw/branch/main/logo/total_service_logo.png' -UrlLink 'https://totalservice.cz' -AlternativeText 'Total Service' -Class 'otehr' -Width '5%' + } + New-HTMLPanel -Invisible { + New-HTMLHeading -HeadingText "Audit: $server" -Heading h1 + } + } + } + New-HTMLTab -TabName 'General Information' { + New-HTMLSection -HeaderText 'General Information' { + New-HTMLPanel { + New-HTMLTable -DataTable $GeneralInfo -ExcludeProperty 'Domain Role Id' -HideFooter -Simplify { + New-TableHeader -Title 'General Information' + } + } + New-HTMLPanel { + $data = [ordered] @{ + "Manufacturer" = $HardwareInfo.Manufacturer + "Model" = $HardwareInfo.Model + "Processor Cores" = $HardwareInfo.'Processor Cores' + "Memory (GB)" = $HardwareInfo.Memory + } + New-HTMLTable -DataTable $data -HideFooter -Simplify { + New-TableHeader -Title 'Hardware' + } + } + New-HTMLPanel { + New-HTMLTable -DataTable $HardwareInfo.Disk -HideFooter -Simplify { + New-TableHeader -Title 'Disk' + } + } + } + New-HTMLSection -HeaderText 'Networking' { + New-HTMLPanel { + New-HTMLTable -DataTable $NetworkConfiguration -HideFooter -Simplify { + New-TableHeader -Title 'Network Configuration' + } + } + New-HTMLPanel { + New-HTMLTable -DataTable $FirewallConfiguration -HideFooter -Simplify { + New-TableHeader -Title 'Firewall Configuration' + } + } + } + New-HTMLSection -HeaderText 'Server Roles' { + New-HTMLPanel { + New-HTMLTable -DataTable $LocalAdminsInfo -HideFooter -HideButtons { + New-TableHeader -Title 'Local Admins' + } + } + + New-HTMLPanel { + New-HTMLTable -DataTable $ServerRoles -HideFooter -HideButtons { + New-TableHeader -Title 'Server Roles' + } + } + } + } + New-HTMLTab -TabName 'Installed Applications' { + New-HTMLSection -HeaderText 'Applications list' { + New-HTMLPanel { + New-HTMLTable -DataTable $InstalledApplications -HideFooter -PagingLength 50 -Title "$server $dateTime Installed Apps" { # Title will be used for filename when using export + New-TableHeader -Title 'Installed Applications' + + } + } + } + } + } + + Write-Message -Type "Success" } \ No newline at end of file