NIS-based server vulnerability check script - Windows
The script below is one I wrote myself.
It is a script for checking the OS ahead of a National Intelligence Service (국정원) or MOTIE (산자부) security inspection;
it was put together very subjectively, so please treat it only as a reference.
@ECHO OFF
REM NISK (National Intelligence Service Korea) base security check script for KookJung
REM Edited by Guppy in 2020
REM For Windows Server 2012 and later; run from an elevated command prompt (secedit and reg need it)
REM Several checks parse Korean-localized command output, so it expects a Korean-language Windows
REM Collect raw command output once; the checks below search these files
tasklist > tasklist.txt
net start > net_start.txt
systeminfo > systeminfo.txt
net accounts > net_accounts.txt
ver > ver.txt
REM "Microsoft Windows [Version 6.3.9600]" gives MV=Version 6.3.9600], so %MV:~8,3% is the major.minor (6.3)
for /f "delims=[ tokens=2" %%i in (ver.txt) do set MV=%%i
REM SysWOW64 exists only on 64-bit Windows
if exist %windir%\SysWOW64 (
set WinBit=64
) else (
set WinBit=32
)
REM Report file name, e.g. HOSTNAME-6.3-64bit.txt
set LOGFILE=%COMPUTERNAME%-%MV:~8,3%-%WinBit%bit.txt
ECHO. >%LOGFILE%
date /t >> %LOGFILE%
time /t >> %LOGFILE%
type systeminfo.txt | find "Microsoft" >>%LOGFILE%
type systeminfo.txt | find "Pack" >>%LOGFILE%
ECHO "%MV:~8,3%"%WinBit% Bit >>%LOGFILE%
REM Export the local security policy; secedit writes a UTF-16 file, and piping it through TYPE
REM converts it to the console code page so FIND / FINDSTR below can match its lines
secedit /EXPORT /CFG LocalSecurityPolicy.txt >>%LOGFILE%
ECHO. >>%LOGFILE%
:: End-of-life releases: record the version and stop. exit /b returns from the batch file
:: instead of closing the console window
:: windows 2003
if "%MV:~8,3%"=="5.2" (
echo 해당 버젼은 만료되어 버젼 업그레이드가 필요합니다. >>%LOGFILE%
echo Windows 2003 %WinBit%bit >>%LOGFILE%
exit /b
)
:: windows 2008
if "%MV:~8,3%"=="6.0" (
echo 해당 버젼은 만료되어 버젼 업그레이드가 필요합니다. >>%LOGFILE%
echo Windows 2008 %WinBit%bit >>%LOGFILE%
exit /b
)
:: windows 2008 r2
if "%MV:~8,3%"=="6.1" (
echo 해당 버젼은 만료되어 버젼 업그레이드가 필요합니다. >>%LOGFILE%
echo Windows 2008 R2 %WinBit%bit >>%LOGFILE%
exit /b
)
ECHO. >>%LOGFILE%
ECHO OTP 설치 여부 >>%LOGFILE%
REM wmic product (Win32_Product) is slow and triggers an MSI consistency check of every installed
REM package; the Uninstall registry keys list the same product names without that side effect
wmic product get name,version > product.txt
TYPE product.txt | findstr /i "Secuve" >>%LOGFILE%
TYPE product.txt | findstr /i "OTP" >>%LOGFILE%
TYPE product.txt | findstr /i "Grippin" >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 결과 ( 육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 1. 최신 보안 업데이트 적용 여부 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 결과 >>%LOGFILE%
type systeminfo.txt | findstr /i "hotfix kb" >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 2. Guest 계정 비활성화 ( 1 ) >>%LOGFILE%
REM net user guest fails (ERRORLEVEL 1) when the account does not exist; "활성 계정" is the
REM Korean "Account active" line and "예" is "Yes", so this check is tied to the Korean locale
net user guest > NUL
IF NOT ERRORLEVEL 1 net user guest | find "활성 계정" >>%LOGFILE%
net user guest | find "활성 계정" | find "예" > NUL
ECHO 결과 >>%LOGFILE%
IF ERRORLEVEL 1 ECHO 양호 >>%LOGFILE%
IF NOT ERRORLEVEL 1 ECHO 취약 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 3. 계정 로그인 실패시 잠금 임계값 설정 ( 5 ) >>%LOGFILE%
REM Third token of the Korean "잠금 임계값: N" (Lockout threshold) line; when lockout is disabled
REM the value is the word "없음" (Never), which is not LEQ 5 and is therefore reported as 취약
TYPE net_accounts.txt | findstr /I /C:"잠금 임계값" >>%LOGFILE%
TYPE net_accounts.txt | findstr /I /C:"잠금 임계값" > Threshols.txt
FOR /F "TOKENS=1-3" %%A IN (Threshols.txt) DO SET passwd_length=%%C
ECHO 결과 >>%LOGFILE%
IF %passwd_length% LEQ 5 ECHO 양호 >>%LOGFILE%
IF NOT %passwd_length% LEQ 5 ECHO 취약 >>%LOGFILE%
ECHO. >>%LOGFILE%
TYPE net_accounts.txt >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 4-1. 패스워드 복잡성 ( 1 ) >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "PasswordComplexity" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find "PasswordComplexity" > PasswordComplexity.txt
FOR /F "TOKENS=1-3" %%A IN (PasswordComplexity.txt) DO SET passwd_length=%%C
ECHO 결과 >>%LOGFILE%
IF %passwd_length% GEQ 1 ECHO 양호 >>%LOGFILE%
IF NOT %passwd_length% GEQ 1 ECHO 취약 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 4-2. 패스워드 최소 길이 : 9 이상 >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "MinimumPasswordLength" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find "MinimumPasswordLength" > MinimumPasswordLength.txt
FOR /F "TOKENS=1-3" %%A IN (MinimumPasswordLength.txt) DO SET passwd_length=%%C
ECHO 결과 >>%LOGFILE%
REM The heading above asks for 9 or more; the comparison as written accepts 8 or more
IF %passwd_length% GEQ 8 ECHO 양호 >>%LOGFILE%
IF NOT %passwd_length% GEQ 8 ECHO 취약 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 4-3. 패스워드 최소 사용기간 / 패스워드 기억 : 1 이상 >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "MinimumPasswordAge" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "PasswordHistorySize" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find "MinimumPasswordAge" > MinimumPasswordAge.txt
FOR /F "TOKENS=1-3" %%A IN (MinimumPasswordAge.txt) DO SET passwd_length=%%C
ECHO 결과 >>%LOGFILE%
IF %passwd_length% GEQ 1 ECHO 양호 >>%LOGFILE%
IF NOT %passwd_length% GEQ 1 ECHO 취약 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 4-4. 패스워드 최대 사용기간 : 90 이하 >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "MaximumPasswordAge =" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find "MaximumPasswordAge =" > MaximumPasswordAge.txt
FOR /F "TOKENS=1-3" %%A IN (MaximumPasswordAge.txt) DO SET passwd_length=%%C
ECHO 결과 >>%LOGFILE%
REM MaximumPasswordAge = -1 means "password never expires"; a plain LEQ 90 test would pass it,
REM so require a value between 1 and 90 days inclusive
SET RESULT=취약
IF %passwd_length% GEQ 1 IF %passwd_length% LEQ 90 SET RESULT=양호
ECHO %RESULT% >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 5. 해독불가 암호화 설정 ( 0 ) >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "ClearTextPassword" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find "ClearTextPassword = 0" > NUL
ECHO 결과 >>%LOGFILE%
IF NOT ERRORLEVEL 1 ECHO 양호 >>%LOGFILE%
IF ERRORLEVEL 1 ECHO 취약 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 6. 마지막 로그인 사용자 이름 표시 안 함 사용 ( 1 ) >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "DontDisplayLastUserName" >>%LOGFILE%
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" 2>&1| findstr /i "DontDisplayLastUserName" >>%LOGFILE%
REM REG_DWORD values print as hex (0x1), so match that rather than any "1" in the line
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System" 2>&1| findstr /i "DontDisplayLastUserName" | find "0x1" > NUL
ECHO 결과 >>%LOGFILE%
IF ERRORLEVEL 1 ECHO 취약 >>%LOGFILE%
IF NOT ERRORLEVEL 1 ECHO 양호 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 7. 하드디스크 기본 공유 설정 해제 ( 0 ) >>%LOGFILE%
net share >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" 2>&1| findstr /i "AutoShareWks" >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" 2>&1| findstr /i "AutoShareServer" >>%LOGFILE%
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 8. CMD 파일 실행권한 제거 >>%LOGFILE%
icacls c:\windows\system32\cmd.exe >>%LOGFILE%
ECHO 결과 (육안확인) - GUEST 실행권한 제거 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 9. 원격데스크탑 연결 비활성화 >>%LOGFILE%
TYPE net_start.txt | find /i "Remote Desktop Services" > NUL
IF NOT ERRORLEVEL 1 (
ECHO Remote Desktop Services 실행 >>%LOGFILE%
ECHO TIMEOUT 값 >>%LOGFILE%
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /s 2>&1| findstr "MaxIdleTime" >>%LOGFILE%
)
IF ERRORLEVEL 1 (
ECHO Remote Desktop Services 중지 >>%LOGFILE%
)
ECHO 결과 (육안확인) - 실행되어 있으나 ACL적용되어야됨 >>%LOGFILE%
REM d:\acl.txt is an external notes file from the author's environment, not created by this script
type d:\acl.txt >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 10. Autologon 기능 비활성화 ( 0 ) >>%LOGFILE%
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 2>&1| findstr /i "DefaultPassword" >>%LOGFILE%
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 2>&1| findstr /i "AutoAdminLogon" >>%LOGFILE%
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 2>&1| findstr /i "AutoAdminLogon" | find /i "0" > NUL
ECHO 결과 >>%LOGFILE%
IF NOT ERRORLEVEL 1 ECHO 양호 >>%LOGFILE%
IF ERRORLEVEL 1 ECHO 취약 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 11. 불필요한 계정 삭제 >>%LOGFILE%
net user >>%LOGFILE%
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 12. 계정 로그인 이벤트 감사 정책 설정 ( 3?? ) >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "AuditLogonEvents" >>%LOGFILE%
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 13. FTP, TELNET 사용해제 >>%LOGFILE%
TYPE tasklist.txt | findstr /i "IIS" >>%LOGFILE%
TYPE tasklist.txt | findstr /i "telnet" >>%LOGFILE%
TYPE tasklist.txt | findstr /i "ftp" >>%LOGFILE%
TYPE net_start.txt | findstr /i "telnet" >>%LOGFILE%
TYPE net_start.txt | findstr /i "ftp" >>%LOGFILE%
TYPE net_start.txt | find /i "FTP Publishing Service" >>%LOGFILE%
reg query "HKLM\Software\Microsoft\TelnetServer\1.0\SecurityMechanism" >>%LOGFILE% 2>&1
REM The interactive telnet client would hold the script open if the port accepts the connection
REM (and it is not installed by default on 2012 and later), so look for local listeners instead
netstat -an | findstr /r /c:":21 .*LISTENING" >>%LOGFILE%
netstat -an | findstr /r /c:":23 .*LISTENING" >>%LOGFILE%
tlntadmn config >>%LOGFILE% 2>&1
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 14. 익명FTP 사용해제 >>%LOGFILE%
ECHO IIS 서비스 구동시 >>%LOGFILE%
ECHO IIS > FTP 사이트 > 속성 > 보안탭 > 익명연결 허용 체크박스 해제 >>%LOGFILE%
ECHO 제어판 > 관리도구 > IIS 관리 > 해당 웹사이트 > 우클릭 > FTP 게시추가 > 인증화면의 익명 체크박스 해제 >>%LOGFILE%
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 15. 비 로그인시 시스템 종료 불가 설정 ( 0 ) >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "ShutdownWithoutLogon" >>%LOGFILE%
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 16. 디폴트 SNMP 커뮤니티 - public 변경 >>%LOGFILE%
net start | find "SNMP Service" > NUL
IF NOT ERRORLEVEL 1 (
ECHO SNMP Service 구동 >>%LOGFILE%
) ELSE (
ECHO SNMP Service 중지 >>%LOGFILE%
)
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" 2>&1| findstr . >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration" /s 2>&1| findstr . >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" 2>&1| findstr . >>%LOGFILE%
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 17. SMTP 릴레이 제한 설정 >>%LOGFILE%
ECHO "서비스 > snmp service > 속성 > 보안 > 추가및 삭제" >>%LOGFILE%
REM Listener check instead of the blocking telnet client (same reason as in item 13)
netstat -an | findstr /r /c:":25 .*LISTENING" >>%LOGFILE%
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 18. 불필요한 서비스 제거 >>%LOGFILE%
REM findstr treats space-separated words as alternatives, so without /C: "Simple TCP/IP Services"
REM would match every line containing "Services"; the last findstr reads services.txt directly
TYPE net_start.txt | findstr "Alerter ClipBook Messenger" > services.txt
TYPE net_start.txt | findstr /C:"Simple TCP/IP Services" >> services.txt
findstr /I "Alerter ClipBook Messenger Simple" services.txt > NUL
ECHO 결과 (육안확인) >>%LOGFILE%
IF ERRORLEVEL 1 ECHO 불필요한 서비스가 존재하지 않음 - 양호 >>%LOGFILE%
IF NOT ERRORLEVEL 1 ECHO 불필요한 서비스가 발견되었음. - 취약 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 19. 서비스에서 상위 디렉토리접근 금지 설정 (enableParentPaths) >>%LOGFILE%
TYPE net_start.txt | find /i "world wide web publishing service" >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters" 2>&1 | find /i "version" >>%LOGFILE%
ECHO 결과 (IIS 사용시 육안확인) - "상위 경로 사용" 옵션이 체크되어 있지 않을 경우 양호 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 20. 서비스에서 디렉터리 리스팅 제거 설정 >>%LOGFILE%
TYPE net_start.txt | find /i "world wide web publishing service" >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters" 2>&1 | find /i "version" >>%LOGFILE%
ECHO 결과 (IIS 사용시 육안확인) - 기본 설정 및 사이트별 "디렉터리 검색" 설정이 False 이면 양호 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 21. 윈도우 방화벽 설정을 통하여 허가받지 않은 포트 사용금지 >>%LOGFILE%
netsh advfirewall firewall show rule name=all dir=in > firewall_in.txt
ECHO SMB 포트 차단 - 없으면 취약 >>%LOGFILE%
type firewall_in.txt | find /i "137" >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO RDP 포트 3300 - 없으면 ACL 취약 >>%LOGFILE%
type firewall_in.txt | find /i "3300" >>%LOGFILE%
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 22. NTP 설정 - 192.168.1.1(time.master.kr) >>%LOGFILE%
w32tm /dumpreg /subkey:parameters | find /i "NtpServer" >>%LOGFILE%
w32tm /query /configuration 2>&1 | findstr /i "Correction" >>%LOGFILE%
w32tm /query /configuration 2>&1 | findstr /i "Interval" >>%LOGFILE%
ECHO 결과 (육안확인) >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 기타 시스템 정보 >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO 불필요포트 21,22,23,25,3389,53,137-139,445,161 >>%LOGFILE%
netstat -na > netstat.txt
TYPE netstat.txt | findstr /i ":21 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":22 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":23 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":25 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":53 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":3389 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":137 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":138 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":139 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":445 " >>%LOGFILE%
TYPE netstat.txt | findstr /i ":161 " >>%LOGFILE%
ECHO. >>%LOGFILE%
ECHO. >>%LOGFILE%
del firewall_in.txt
del LocalSecurityPolicy.txt
del MaximumPasswordAge.txt
del MinimumPasswordAge.txt
del MinimumPasswordLength.txt
del net_accounts.txt
del net_start.txt
del PasswordComplexity.txt
del services.txt
del systeminfo.txt
del tasklist.txt
del Threshols.txt
del ver.txt
del product.txt
del netstat.txt
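As an added example (not part of the post's script), the same password and lockout thresholds as checks 3, 4-1 to 4-4 and 5 above, written in PowerShell and read from the secedit export, whose key names do not change with the Windows display language; the key names are assumed to be the standard [System Access] entries, and the sample values are constructed.

```powershell
# Key names are the standard [System Access] entries of a secedit export (assumed to be
# present on the host); the sample values further down are constructed, not from a real host.
function ConvertFrom-SeceditInf {
    param([string[]]$Lines)
    $values = @{}
    $section = ''
    foreach ($line in $Lines) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $section = $Matches[1]; continue }
        if ($section -eq 'System Access' -and $line -match '^\s*(\w+)\s*=\s*(-?\d+)') {
            $values[$Matches[1]] = [int]$Matches[2]
        }
    }
    return $values
}
function Test-PasswordPolicy {
    param([hashtable]$Policy)
    # MaximumPasswordAge is exported as -1 when passwords never expire, so a bare
    # "<= 90" test (as in the batch version above) would accept that setting.
    $rules = @(
        @{ Key='LockoutBadCount';       Name='3.   lockout threshold 1..5';    Test={ param($v) $v -ge 1 -and $v -le 5 } }
        @{ Key='PasswordComplexity';    Name='4-1. complexity enabled';        Test={ param($v) $v -ge 1 } }
        @{ Key='MinimumPasswordLength'; Name='4-2. minimum length >= 8';       Test={ param($v) $v -ge 8 } }
        @{ Key='MinimumPasswordAge';    Name='4-3. minimum age >= 1 day';      Test={ param($v) $v -ge 1 } }
        @{ Key='PasswordHistorySize';   Name='4-3. history >= 1';              Test={ param($v) $v -ge 1 } }
        @{ Key='MaximumPasswordAge';    Name='4-4. maximum age 1..90 days';    Test={ param($v) $v -ge 1 -and $v -le 90 } }
        @{ Key='ClearTextPassword';     Name='5.   reversible encryption off'; Test={ param($v) $v -eq 0 } }
    )
    foreach ($r in $rules) {
        $check = $r.Test
        if (-not $Policy.ContainsKey($r.Key)) { $status = 'MISSING' }   # absent key: inspect by hand
        elseif (& $check $Policy[$r.Key])     { $status = 'OK' }
        else                                  { $status = 'VULNERABLE' }
        [pscustomobject]@{ Check = $r.Name; Value = $Policy[$r.Key]; Status = $status }
    }
}
# Constructed sample export so the logic can be run without admin rights.
$sample = @'
[System Access]
MinimumPasswordAge = 0
MaximumPasswordAge = -1
MinimumPasswordLength = 8
PasswordComplexity = 1
PasswordHistorySize = 0
LockoutBadCount = 5
ClearTextPassword = 0
'@ -split "`r?`n"
Test-PasswordPolicy (ConvertFrom-SeceditInf $sample) | Format-Table -AutoSize
# Live run from an elevated prompt (secedit writes UTF-16 with a BOM, which Get-Content handles):
# $inf = Join-Path $env:TEMP 'secpol.inf'; secedit /export /cfg $inf | Out-Null
# Test-PasswordPolicy (ConvertFrom-SeceditInf (Get-Content $inf)) | Format-Table -AutoSize
```

With the constructed sample, MinimumPasswordAge, PasswordHistorySize and MaximumPasswordAge (-1, never expires) come out VULNERABLE and the rest OK.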