


국정원기반 서버 취약점 점검 스크립트 -Windows

 

아래 스크립트는 필자가 만든 스크립트입니다.

국정원이나 산자부 보안점검 대비 OS를 체크하기 위한 스크립트로, 관리자 권한의 명령 프롬프트에서 실행해야 합니다 (secedit /export 등 관리자 권한이 필요한 명령을 사용하며, 결과는 현재 디렉터리에 텍스트 보고서로 기록됩니다).

매우 주관적으로 만든 것이니 참고만 하시기 바랍니다.

 

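@ECHO OFF
REM NIS (National Intelligence Service, Korea) baseline security check for
REM Windows Server.  Originally written by Guppy in 2020 for Windows Server
REM 2012 and later.
REM
REM Writes a report named <COMPUTERNAME>-<major.minor>-<32|64>bit.txt in the
REM current directory.  Scratch files are created next to it and removed at
REM :cleanup on every exit path (the original left them behind when it bailed
REM out on an unsupported OS, and used plain EXIT, which also killed the
REM caller's console).
REM
REM Must be run from an elevated (administrator) prompt: secedit /export
REM produces no file otherwise, and every password-policy check is read from
REM that file.
REM
REM Thresholds live here so they can follow the applicable guideline without
REM touching the checks.  The original report header said "9 이상" for the
REM minimum password length while the code tested for 8; set MIN_PWLEN to
REM whichever the current policy requires.
SETLOCAL ENABLEEXTENSIONS
SET LOCKOUT_MAX=5
SET MIN_PWLEN=8
SET MAX_PWAGE=90
REM Site-specific expectations carried over from the original: RDP relocated
REM to 3300 and the internal NTP source.  Adjust for the environment audited.
SET RDP_PORT=3300
SET NTP_EXPECTED=192.168.1.1(time.master.kr)
SET "APPCMD=%windir%\system32\inetsrv\appcmd.exe"
GOTO :main

REM ---- :policy_value NAME VAR -------------------------------------------------
REM Sets VAR to the value of "NAME = value" in the secedit export, or clears it
REM when the line is missing.  secedit writes UTF-16; the TYPE | find pattern
REM from the original is kept because findstr does not read UTF-16 files.
:policy_value
SET "%~2="
FOR /F "tokens=3" %%A IN ('TYPE LocalSecurityPolicy.txt 2^>NUL ^| find "%~1 = "') DO SET "%~2=%%A"
GOTO :EOF

REM ---- :check_range VALUE LO HI -----------------------------------------------
REM Appends 양호 when VALUE is a non-negative integer with LO <= VALUE <= HI,
REM otherwise 취약.  An empty or non-numeric VALUE (policy line missing, "-1"
REM for "never expires", localized text) is reported as 취약 with the raw
REM value, never as 양호.  The original reused one variable for every check
REM and evaluated it unset in IF, which is a batch syntax error that aborts
REM the script; it also accepted MaximumPasswordAge = -1 (never expires) as 양호.
:check_range
SET "V=%~1"
IF NOT DEFINED V GOTO :check_range_bad
ECHO(%V%| findstr /R "^[0-9][0-9]*$" >NUL
IF ERRORLEVEL 1 GOTO :check_range_bad
IF %V% GEQ %~2 IF %V% LEQ %~3 (
  ECHO 양호 >>"%LOGFILE%"
  GOTO :EOF
)
ECHO 취약 >>"%LOGFILE%"
GOTO :EOF
:check_range_bad
ECHO 취약 ^(값 없음 또는 숫자 아님: "%~1"^) >>"%LOGFILE%"
GOTO :EOF

REM ---- :listening PORT --------------------------------------------------------
REM Appends the LISTENING entries for TCP port PORT from the netstat snapshot.
REM Replaces the original "telnet 127.0.0.1 PORT": the telnet client is an
REM optional feature (absent by default on 2012+) and, when the port is open,
REM blocks the script waiting for interactive input.
:listening
findstr /C:":%~1 " netstat.txt | findstr /C:"LISTENING" >>"%LOGFILE%"
IF ERRORLEVEL 1 ECHO   포트 %~1 : LISTENING 없음 >>"%LOGFILE%"
GOTO :EOF

:main
REM --- privilege check ----------------------------------------------------------
net session >NUL 2>&1
IF ERRORLEVEL 1 (
  ECHO 관리자 권한의 명령 프롬프트에서 실행해야 합니다. ^(secedit /export 등^)
  EXIT /B 1
)

REM --- snapshots reused by several checks ---------------------------------------
tasklist     > tasklist.txt
net start    > net_start.txt
systeminfo   > systeminfo.txt
net accounts > net_accounts.txt
netstat -ano > netstat.txt

REM --- OS version / bitness -----------------------------------------------------
REM "Microsoft Windows [Version 10.0.17763.1]" -> MV=10.0.  The original took a
REM fixed three-character slice (%MV:~8,3%), which yields "10." on 10.x kernels.
SET MV=
SET VERLINE=
SET VERFULL=
FOR /F "tokens=2 delims=[]" %%i IN ('ver') DO SET "VERLINE=%%i"
FOR /F "tokens=2" %%i IN ("%VERLINE%") DO SET "VERFULL=%%i"
FOR /F "tokens=1,2 delims=." %%a IN ("%VERFULL%") DO SET "MV=%%a.%%b"
IF NOT DEFINED MV SET MV=unknown

IF EXIST "%windir%\SysWOW64" (SET WinBit=64) ELSE (SET WinBit=32)
SET "LOGFILE=%COMPUTERNAME%-%MV%-%WinBit%bit.txt"

ECHO.                                     > "%LOGFILE%"
date /t                                  >>"%LOGFILE%"
time /t                                  >>"%LOGFILE%"
type systeminfo.txt | find "Microsoft"   >>"%LOGFILE%"
type systeminfo.txt | find "Pack"        >>"%LOGFILE%"
ECHO "%MV%"%WinBit% Bit                  >>"%LOGFILE%"
REM Local security policy export (UTF-16LE), consumed by :policy_value.
secedit /EXPORT /CFG LocalSecurityPolicy.txt >>"%LOGFILE%"
IF NOT EXIST LocalSecurityPolicy.txt ECHO secedit /export 실패 - 정책 항목은 모두 취약으로 표시됨 >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

REM --- end-of-life versions: report and stop ------------------------------------
REM NOTE(review): Server 2012/2012 R2 (6.2/6.3) have also left support since
REM this was written; extend this list when the policy requires it.
IF "%MV%"=="5.2" (
  ECHO 해당 버젼은 만료되어 버젼 업그레이드가 필요합니다. >>"%LOGFILE%"
  ECHO Windows 2003 %WinBit%bit >>"%LOGFILE%"
  GOTO :cleanup
)
IF "%MV%"=="6.0" (
  ECHO 해당 버젼은 만료되어 버젼 업그레이드가 필요합니다. >>"%LOGFILE%"
  ECHO Windows 2008 %WinBit%bit >>"%LOGFILE%"
  GOTO :cleanup
)
IF "%MV%"=="6.1" (
  ECHO 해당 버젼은 만료되어 버젼 업그레이드가 필요합니다. >>"%LOGFILE%"
  ECHO Windows 2008 R2 %WinBit%bit >>"%LOGFILE%"
  GOTO :cleanup
)

ECHO. >>"%LOGFILE%"
ECHO OTP 설치 여부 >>"%LOGFILE%"
REM Installed-product names from the Uninstall keys (native and WOW6432Node).
REM The original used "wmic product" (Win32_Product), whose enumeration runs a
REM consistency check/repair of every MSI package on the host -- slow, and a
REM side effect an audit script should not have.
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s /v DisplayName 2>NUL > product.txt
reg query "HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall" /s /v DisplayName 2>NUL >> product.txt
TYPE product.txt | findstr /i "Secuve"  >>"%LOGFILE%"
TYPE product.txt | findstr /i "OTP"     >>"%LOGFILE%"
TYPE product.txt | findstr /i "Grippin" >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"
ECHO 결과 ( 육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO. >>"%LOGFILE%"
ECHO 1. 최신 보안 업데이트 적용 여부 >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"
ECHO 결과 >>"%LOGFILE%"
type systeminfo.txt | findstr /i "hotfix kb" >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 2. Guest 계정 비활성화 ( 1 ) >>"%LOGFILE%"
net user guest > guest.txt 2>NUL
IF ERRORLEVEL 1 (
  REM No local guest account: nothing to disable.
  ECHO guest 계정 없음 >>"%LOGFILE%"
  ECHO 결과 >>"%LOGFILE%"
  ECHO 양호 >>"%LOGFILE%"
) ELSE (
  TYPE guest.txt | find "활성 계정" >>"%LOGFILE%"
  ECHO 결과 >>"%LOGFILE%"
  REM The "활성 계정  예/아니요" line exists only on Korean UI languages.  When
  REM it is missing, say so instead of reporting a false 양호 as the original did.
  TYPE guest.txt | find "활성 계정" >NUL
  IF ERRORLEVEL 1 (
    ECHO 확인 필요 ^(육안확인^) >>"%LOGFILE%"
  ) ELSE (
    TYPE guest.txt | find "활성 계정" | find "예" >NUL
    IF ERRORLEVEL 1 (ECHO 양호 >>"%LOGFILE%") ELSE (ECHO 취약 >>"%LOGFILE%")
  )
)
ECHO. >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 3. 계정 로그인 실패시 잠금 임계값 설정  ( %LOCKOUT_MAX% ) >>"%LOGFILE%"
TYPE net_accounts.txt | findstr /I /C:"잠금 임계값" >>"%LOGFILE%"
REM Evaluate from the policy export (locale-independent) rather than the
REM localized "net accounts" text.  LockoutBadCount is 0 or absent when
REM lockout is off; both fall outside 1..LOCKOUT_MAX and report 취약.
CALL :policy_value LockoutBadCount LOCKOUT
ECHO 결과 >>"%LOGFILE%"
CALL :check_range "%LOCKOUT%" 1 %LOCKOUT_MAX%
ECHO. >>"%LOGFILE%"
TYPE net_accounts.txt >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 4-1. 패스워드 복잡성 ( 1 ) >>"%LOGFILE%"
TYPE LocalSecurityPolicy.txt 2>NUL | find /i "PasswordComplexity" >>"%LOGFILE%"
CALL :policy_value PasswordComplexity PWCOMPLEX
ECHO 결과 >>"%LOGFILE%"
CALL :check_range "%PWCOMPLEX%" 1 1
ECHO. >>"%LOGFILE%"

ECHO 4-2. 패스워드 최소 길이 : %MIN_PWLEN% 이상 >>"%LOGFILE%"
TYPE LocalSecurityPolicy.txt 2>NUL | find /i "MinimumPasswordLength" >>"%LOGFILE%"
CALL :policy_value MinimumPasswordLength PWLEN
ECHO 결과 >>"%LOGFILE%"
CALL :check_range "%PWLEN%" %MIN_PWLEN% 999
ECHO. >>"%LOGFILE%"

ECHO 4-3. 패스워드 최소 사용기간 / 패스워드 기억  : 1 이상 >>"%LOGFILE%"
TYPE LocalSecurityPolicy.txt 2>NUL | find /i "MinimumPasswordAge" >>"%LOGFILE%"
TYPE LocalSecurityPolicy.txt 2>NUL | find /i "PasswordHistorySize" >>"%LOGFILE%"
CALL :policy_value MinimumPasswordAge PWMINAGE
CALL :policy_value PasswordHistorySize PWHISTORY
ECHO 결과 >>"%LOGFILE%"
CALL :check_range "%PWMINAGE%" 1 999
REM PasswordHistorySize was printed but never evaluated in the original.
CALL :check_range "%PWHISTORY%" 1 999
ECHO. >>"%LOGFILE%"

ECHO 4-4. 패스워드 최대 사용기간 : %MAX_PWAGE% 이하 >>"%LOGFILE%"
TYPE LocalSecurityPolicy.txt 2>NUL | find /i "MaximumPasswordAge =" >>"%LOGFILE%"
CALL :policy_value MaximumPasswordAge PWMAXAGE
ECHO 결과 >>"%LOGFILE%"
REM Lower bound 1: "-1" (never expires) and 0 must not pass as 양호.
CALL :check_range "%PWMAXAGE%" 1 %MAX_PWAGE%
ECHO. >>"%LOGFILE%"

ECHO 5. 해독불가 암호화 설정 ( 0 ) >>"%LOGFILE%"
TYPE LocalSecurityPolicy.txt 2>NUL | find /i "ClearTextPassword" >>"%LOGFILE%"
TYPE LocalSecurityPolicy.txt 2>NUL | find "ClearTextPassword = 0" >NUL
ECHO 결과 >>"%LOGFILE%"
IF ERRORLEVEL 1 (ECHO 취약 >>"%LOGFILE%") ELSE (ECHO 양호 >>"%LOGFILE%")
ECHO. >>"%LOGFILE%"

ECHO 6. 마지막 로그인 사용자 이름 표시 안 함 사용 ( 1 ) >>"%LOGFILE%"
SET "POLSYS=HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System"
TYPE LocalSecurityPolicy.txt 2>NUL | find /i "DontDisplayLastUserName" >>"%LOGFILE%"
reg query "%POLSYS%" /v DontDisplayLastUserName 2>NUL | findstr /i "DontDisplayLastUserName" >>"%LOGFILE%"
ECHO 결과 >>"%LOGFILE%"
REM Exact value match; the original find "1" matched the digit anywhere in the line.
reg query "%POLSYS%" /v DontDisplayLastUserName 2>NUL | findstr /R /C:"DontDisplayLastUserName *REG_DWORD *0x1 *$" >NUL
IF ERRORLEVEL 1 (ECHO 취약 >>"%LOGFILE%") ELSE (ECHO 양호 >>"%LOGFILE%")
ECHO. >>"%LOGFILE%"

ECHO 7. 하드디스크 기본 공유 설정 해제 ( 0 ) >>"%LOGFILE%"
net share >>"%LOGFILE%"
reg query "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" 2>&1 | findstr /i "AutoShareWks AutoShareServer" >>"%LOGFILE%"
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 8. CMD 파일 실행권한 제거 >>"%LOGFILE%"
icacls "%windir%\system32\cmd.exe" >>"%LOGFILE%"
ECHO 결과 (육안확인)  - GUEST 실행권한 제거 >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 9. 원격데스크탑 연결 비활성화 >>"%LOGFILE%"
TYPE net_start.txt | find /i "Remote Desktop Services" >NUL
IF ERRORLEVEL 1 (
  ECHO Remote Desktop Services 중지 >>"%LOGFILE%"
) ELSE (
  ECHO Remote Desktop Services 실행 >>"%LOGFILE%"
  ECHO TIMOUT 값 >>"%LOGFILE%"
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /s 2>&1 | findstr "MaxIdleTime" >>"%LOGFILE%"
)
REM fDenyTSConnections is the switch behind "allow remote connections"
REM (1 = connections denied); the service can run while RDP is disabled.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections 2>&1 | findstr /i "fDenyTSConnections" >>"%LOGFILE%"
ECHO 결과 (육안확인) - 실행되어 있으나 ACL적용되어야됨 >>"%LOGFILE%"
REM d:\acl.txt appears to be an operator-maintained list of permitted RDP
REM sources (assumed from the original; confirm).  A missing file is reported
REM instead of spilling an error to the console.
IF EXIST d:\acl.txt (TYPE d:\acl.txt >>"%LOGFILE%") ELSE (ECHO d:\acl.txt 없음 >>"%LOGFILE%")
ECHO. >>"%LOGFILE%"

ECHO 10. Autologon 기능 비활성화 ( 0 ) >>"%LOGFILE%"
SET "WINLOGON=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
reg query "%WINLOGON%" /v DefaultPassword 2>NUL | findstr /i "DefaultPassword" >>"%LOGFILE%"
reg query "%WINLOGON%" /v AutoAdminLogon  2>NUL | findstr /i "AutoAdminLogon"  >>"%LOGFILE%"
ECHO 결과 >>"%LOGFILE%"
REM 취약 when AutoAdminLogon is "1" or a DefaultPassword value exists (a
REM clear-text password in the registry).  A missing AutoAdminLogon value means
REM autologon is off; the original reported that as 취약.
SET AUTOLOGON_BAD=
reg query "%WINLOGON%" /v AutoAdminLogon 2>NUL | findstr /R /C:"AutoAdminLogon *REG_SZ *1 *$" >NUL && SET AUTOLOGON_BAD=1
reg query "%WINLOGON%" /v DefaultPassword 2>NUL | findstr /i "DefaultPassword" >NUL && SET AUTOLOGON_BAD=1
IF DEFINED AUTOLOGON_BAD (ECHO 취약 >>"%LOGFILE%") ELSE (ECHO 양호 >>"%LOGFILE%")
ECHO. >>"%LOGFILE%"

ECHO 11. 불필요한 계정 삭제 >>"%LOGFILE%"
net user >>"%LOGFILE%"
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 12. 계정 로그인 이벤트 감사 정책 설정 ( 3?? ) >>"%LOGFILE%"
TYPE LocalSecurityPolicy.txt 2>NUL | find /i "AuditLogonEvents" >>"%LOGFILE%"
REM NOTE(review): AuditLogonEvents is the legacy setting; when Advanced Audit
REM Policy is in force the effective configuration is what auditpol reports.
auditpol /get /category:* >>"%LOGFILE%" 2>&1
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 13. FTP, TELNET 사용해제 >>"%LOGFILE%"
TYPE tasklist.txt  | findstr /i "IIS telnet ftp" >>"%LOGFILE%"
TYPE net_start.txt | findstr /i "telnet ftp"     >>"%LOGFILE%"
TYPE net_start.txt | find /i "FTP Publishing Service" >>"%LOGFILE%"
reg query "HKLM\Software\Microsoft\TelnetServer\1.0\SecurityMechanism" >>"%LOGFILE%" 2>&1
CALL :listening 21
CALL :listening 23
tlntadmn config >>"%LOGFILE%" 2>&1
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 14. 익명FTP 사용해제 >>"%LOGFILE%"
ECHO IIS 서비스 구동시 >>"%LOGFILE%"
REM Quoted: the unquoted ">" in the original were parsed as redirections,
REM creating empty files named "FTP", "속성", "보안탭", ... in the working
REM directory and truncating the message in the report.
ECHO "IIS > FTP 사이트 > 속성 > 보안탭 > 익명연결 허용 체크박스 해제" >>"%LOGFILE%"
ECHO "제어판 > 관리도구 > IIS 관리 > 해당 웹사이트 > 우클릭 > FTP 게시추가 > 인증화면의 익명 체크박스 해제" >>"%LOGFILE%"
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 15. 비 로그인시 시스템 종료 불가 설정 ( 0 ) >>"%LOGFILE%"
TYPE LocalSecurityPolicy.txt 2>NUL | find /i "ShutdownWithoutLogon" >>"%LOGFILE%"
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 16. 디포트 SNMP 커뮤니티 - public 변경 >>"%LOGFILE%"
TYPE net_start.txt | find "SNMP Service" >NUL
IF ERRORLEVEL 1 (
  ECHO SNMP Service 중지 >>"%LOGFILE%"
) ELSE (
  ECHO SNMP Service 구동 >>"%LOGFILE%"
)
SET "SNMPKEY=HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters"
reg query "%SNMPKEY%\ValidCommunities" 2>&1 | findstr . >>"%LOGFILE%"
reg query "%SNMPKEY%\TrapConfiguration" /s 2>&1 | findstr . >>"%LOGFILE%"
reg query "%SNMPKEY%\PermittedManagers" 2>&1 | findstr . >>"%LOGFILE%"
reg query "%SNMPKEY%\ValidCommunities" 2>NUL | findstr /i "public" >NUL && ECHO 기본 커뮤니티 public 존재 - 취약 >>"%LOGFILE%"
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 17. SMTP 릴레이 제한 설정 >>"%LOGFILE%"
REM The original printed the SNMP service path here (copy/paste slip).
ECHO "IIS 6.0 관리자 > SMTP 가상 서버 > 속성 > 액세스 > 릴레이 제한" >>"%LOGFILE%"
CALL :listening 25
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 18. 불필요한 서비스 제거 >>"%LOGFILE%"
REM /C: keeps each name one phrase.  The original findstr "Simple TCP/IP
REM Services" matched every running service whose name contained "Services".
findstr /I /C:"Alerter" /C:"ClipBook" /C:"Messenger" /C:"Simple TCP/IP Services" net_start.txt >>"%LOGFILE%"
ECHO 결과 (육안확인) >>"%LOGFILE%"
findstr /I /C:"Alerter" /C:"ClipBook" /C:"Messenger" /C:"Simple TCP/IP Services" net_start.txt >NUL
IF ERRORLEVEL 1 (
  ECHO  불필요한 서비스가 존재하지 않음 - 양호 >>"%LOGFILE%"
) ELSE (
  ECHO 불필요한 서비스가 발견되었음. - 취약 >>"%LOGFILE%"
)
ECHO. >>"%LOGFILE%"

ECHO 19. 서비스에서 상위 디렉토리접근 금지 설정 (enableParentPaths) >>"%LOGFILE%"
TYPE net_start.txt | find /i "world wide web publishing service" >>"%LOGFILE%"
reg query "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters" 2>&1 | find /i "version" >>"%LOGFILE%"
REM Server-level value only (errors if the ASP feature is not installed);
REM per-site overrides still need the visual check below.
IF EXIST "%APPCMD%" "%APPCMD%" list config /section:system.webServer/asp /text:enableParentPaths >>"%LOGFILE%" 2>&1
ECHO 결과 (IIS 사용시 육안확인) - "상위 경로 사용" 옵션이 체크되어 있지 않을 경우 양호 >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 20. 서비스에서 디렉터리 리스팅 제거 설정 >>"%LOGFILE%"
TYPE net_start.txt | find /i "world wide web publishing service" >>"%LOGFILE%"
reg query "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters" 2>&1 | find /i "version" >>"%LOGFILE%"
IF EXIST "%APPCMD%" "%APPCMD%" list config /section:system.webServer/directoryBrowse /text:enabled >>"%LOGFILE%" 2>&1
ECHO 결과 (IIS 사용시 육안확인) - 기본 설정 및 사이트별 "디렉터리 검색" 설정이 False 이면 양호 >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 21. 윈도우 방화벽 설정을 통하여 허가받지 않은 포트 사용금지 >>"%LOGFILE%"
netsh advfirewall firewall show rule name=all dir=in > firewall_in.txt
ECHO SMB 포트 차단 - 없으면 취약 >>"%LOGFILE%"
REM Whole-word match: the original find /i "137" also hit 1370, 2137, and
REM digits inside rule names and descriptions.
findstr /R /C:"\<137\>" firewall_in.txt >>"%LOGFILE%"
findstr /R /C:"\<445\>" firewall_in.txt >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"
ECHO RDP 포트 %RDP_PORT% - 없으면 ACL 취약 >>"%LOGFILE%"
REM The configured RDP port, so the rule above can be checked against reality.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber 2>&1 | findstr /i "PortNumber" >>"%LOGFILE%"
findstr /R /C:"\<%RDP_PORT%\>" firewall_in.txt >>"%LOGFILE%"
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 22. NTP 설정 - %NTP_EXPECTED% >>"%LOGFILE%"
w32tm /dumpreg /subkey:parameters | find /i "NtpServer" >>"%LOGFILE%"
w32tm /query /configuration 2>&1 | findstr /i "Correction Interval" >>"%LOGFILE%"
ECHO 결과 (육안확인) >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

ECHO 기타 시스템 정보 >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"
ECHO 불필요포트 21,22,23,25,3389,53,137-139,445,161 >>"%LOGFILE%"
REM Every netstat line naming the port (local or remote, any state), as in the
REM original; the LISTENING-only view is in items 13 and 17.
FOR %%P IN (21 22 23 25 53 3389 137 138 139 445 161) DO findstr /C:":%%P " netstat.txt >>"%LOGFILE%"
ECHO. >>"%LOGFILE%"

:cleanup
REM Scratch files only; the report itself is kept.  Missing files (early exit
REM before they were written) are skipped silently.
FOR %%F IN (firewall_in.txt LocalSecurityPolicy.txt net_accounts.txt net_start.txt systeminfo.txt tasklist.txt product.txt netstat.txt guest.txt) DO (
  IF EXIST "%%F" DEL "%%F"
)
ENDLOCAL
EXIT /B 0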
