
WHKorea

국정원, 산자부 서버 취약점 점검 스크립트 -Windows - 2021

 

아래 스크립트는 필자가 만든 스크립트입니다.

국정원이나 산자부 보안점검 대비 OS를 체크하기 위한 스크립트로

매우 주관적으로 만든 것이니 참고만 하시기 바랍니다.

 

첨부 되어 있습니다.

 

다운받은 뒤 .txt 확장자를 빼고 관리자 권한으로 연 명령 프롬프트에서 실행하면 됩니다. (스크립트 안의 secedit /EXPORT 는 관리자 권한이 필요합니다.)

windows_2021.bat

 

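@ECHO OFF
REM NISK(National Intelligence Service Korea) Base Security Check Script for KookJung
REM Edit by Guppy in 2021
REM for Windows 2012 ,2016, 2019
REM
REM Setup: snapshot system state into work files in the current directory,
REM derive the report file name and write the report header.
REM Run from an elevated prompt: secedit /EXPORT needs administrator rights and
REM every policy check later in the script reads its output file.
REM The report collects account, policy, share and port details; store and
REM transfer it as sensitive data.

tasklist > tasklist.txt
net start > net_start.txt
systeminfo > systeminfo.txt
net accounts > net_accounts.txt
ver > ver.txt
REM MV = the text after "[" in the ver banner. %MV:~8,3% is used below as the
REM major.minor version; that offset assumes an 8-character "Version " prefix
REM - TODO confirm on localized builds.
for /f "delims=[ tokens=2" %%i in (ver.txt) do set MV=%%i

REM Presence of the SysWOW64 directory is used as the 64-bit indicator.
if exist %windir%\SysWOW64 (
 set WinBit=64
) else (
 set WinBit=32
)

REM The former line "DATE=date /t" was not an assignment (batch needs SET) and
REM has been dropped. %DATE% is a built-in dynamic variable whose format follows
REM the regional settings, so "/" and spaces are replaced before it goes into
REM the file name; the rest of the script uses %LOGFILE% unquoted.
set "LOGSTAMP=%DATE%"
set "LOGSTAMP=%LOGSTAMP:/=-%"
set "LOGSTAMP=%LOGSTAMP: =_%"

set "LOGFILE=%COMPUTERNAME%-%MV:~8,3%-%WinBit%bit-%LOGSTAMP%.txt"
ECHO.       >%LOGFILE%

date /t      >> %LOGFILE%
time /t      >> %LOGFILE%
type systeminfo.txt | find "Microsoft"    >>%LOGFILE%
type systeminfo.txt | find "Pack"      >>%LOGFILE%
ECHO "%MV:~8,3%"%WinBit% Bit    >>%LOGFILE%
REM Remove any export left by an earlier run so a failed export cannot be
REM mistaken for current policy.
if exist LocalSecurityPolicy.txt del LocalSecurityPolicy.txt
secedit /EXPORT /CFG LocalSecurityPolicy.txt    >>%LOGFILE%
if not exist LocalSecurityPolicy.txt ECHO [경고] 보안 정책 내보내기 실패 - 관리자 권한으로 실행 필요. 아래 정책 항목 결과는 신뢰할 수 없음 >>%LOGFILE%
ECHO.       >>%LOGFILE%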
REM End-of-support notice: when the major.minor version taken from MV is
REM 5.2, 6.0 or 6.1, write an "upgrade required" line and the product name.
REM No other version values are handled in this block.
:: windows 2003
if "%MV:~8,3%"=="5.2" (
 echo 해당 버젼은 만료되어 버젼 업그레이드가 필요합니다. >>%LOGFILE%
   echo Windows 2003 %WinBit%bit   >>%LOGFILE%
 
)

:: windows 2008
if "%MV:~8,3%"=="6.0" (
 echo 해당 버젼은 만료되어 버젼 업그레이드가 필요합니다. >>%LOGFILE%
 echo Windows 2008 %WinBit%bit   >>%LOGFILE%
 
)

:: windows 2008 r2
if "%MV:~8,3%"=="6.1" (
 echo 해당 버젼은 만료되어 버젼 업그레이드가 필요합니다. >>%LOGFILE%
 echo Windows 2008 R2 %WinBit%bit   >>%LOGFILE%
 
)
REM OTP product check: list installed products and log any whose name or
REM version line contains "Secuve", "OTP" or "Grippin" (case-insensitive).
REM No verdict is computed; the reviewer reads the matches.
REM NOTE(review): "wmic product" enumerates Windows Installer packages, which
REM is slow and is known to trigger an installer consistency check on each
REM package - consider reading the Uninstall registry keys instead.
ECHO. >>%LOGFILE%
ECHO OTP 설치 여부   >>%LOGFILE%
wmic product get name,version > product.txt
TYPE product.txt | findstr /i "Secuve"    >>%LOGFILE%
TYPE product.txt | findstr /i "OTP"    >>%LOGFILE%
TYPE product.txt | findstr /i "Grippin"    >>%LOGFILE%
ECHO.        >>%LOGFILE%
ECHO 결과 ( 육안확인)    >>%LOGFILE%
ECHO.       >>%LOGFILE%

REM Check 1: installed security updates. Logs every systeminfo line that
REM contains "hotfix" or "kb" (findstr treats the two words as alternatives).
REM Nothing is compared against a required patch level; review by eye.
ECHO. >>%LOGFILE%
ECHO 1. 최신 보안 업데이트 적용 여부   >>%LOGFILE%
ECHO.       >>%LOGFILE%
ECHO.       >>%LOGFILE%
ECHO 결과      >>%LOGFILE%
type systeminfo.txt | findstr /i "hotfix kb"   >>%LOGFILE%
ECHO.       >>%LOGFILE%

REM Check 2: the Guest account must be disabled.
REM The match strings are Korean-locale labels from "net user" output
REM ("활성 계정" and "예"). With another display language neither find matches,
REM the pipeline ends with ERRORLEVEL 1 and the block prints 양호 without
REM having verified anything. The account is looked up by the name "guest",
REM so a renamed Guest account is not covered either.
ECHO 2. Guest 계정 비활성화 ( 1 )    >>%LOGFILE%
net user guest > NUL
REM Log the status line only when the lookup above succeeded.
IF NOT ERRORLEVEL 1 net user guest | find "활성 계정"  >>%LOGFILE%
REM ERRORLEVEL 0 after this pipeline means the status line contains "예".
net user guest | find "활성 계정" | find "예" > NUL
ECHO 결과      >>%LOGFILE%
REM The verdict reads the ERRORLEVEL left by the pipeline above; it relies on
REM the intervening ECHO not changing it.
IF ERRORLEVEL 1 ECHO 양호    >>%LOGFILE%
IF NOT ERRORLEVEL 1 ECHO 취약    >>%LOGFILE%
ECHO.       >>%LOGFILE%
ECHO.       >>%LOGFILE%
ECHO.       >>%LOGFILE%

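REM Check 3: account lockout threshold must be set, and be 5 attempts or fewer.
REM The value is the third whitespace-separated token of the Korean-locale
REM "잠금 임계값" line of "net accounts".
ECHO 3. 계정 로그인 실패시 잠금 임계값 설정  ( 5 )  >>%LOGFILE%
TYPE net_accounts.txt | findstr /I /C:"잠금 임계값"   >>%LOGFILE%
TYPE net_accounts.txt | findstr /I /C:"잠금 임계값" > Threshols.txt
REM Start from 0 so that a missing line (other display language, failed
REM command) neither reuses a stale value nor produces an IF syntax error;
REM an unreadable threshold is reported as 취약.
SET "passwd_length=0"
FOR /F "TOKENS=1-3" %%A IN (Threshols.txt) DO SET passwd_length=%%C
ECHO 결과        >>%LOGFILE%
REM A threshold of 0 means lockout is not enforced, so the value has to be
REM within 1..5 to pass.
SET "lockout_ok=0"
IF %passwd_length% GEQ 1 IF %passwd_length% LEQ 5 SET "lockout_ok=1"
IF "%lockout_ok%"=="1" ECHO 양호    >>%LOGFILE%
IF NOT "%lockout_ok%"=="1" ECHO 취약    >>%LOGFILE%
ECHO.        >>%LOGFILE%
TYPE net_accounts.txt      >>%LOGFILE%
ECHO.        >>%LOGFILE%
ECHO.        >>%LOGFILE%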

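REM Check 4-1: password complexity must be enabled (PasswordComplexity = 1 in
REM the secedit export). The value is the third token of the matching line.
ECHO 4-1. 계정 패스워드 설정시 패스워드 복잡성 ( 1 )   >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "PasswordComplexity" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find  "PasswordComplexity"  > PasswordComplexity.txt
REM Reset first: passwd_length is shared with the other checks, and without a
REM reset a missing policy line would silently reuse the previous check's value.
REM An unreadable setting is reported as 취약.
SET "passwd_length=0"
FOR /F "TOKENS=1-3" %%A IN (PasswordComplexity.txt) DO SET passwd_length=%%C
ECHO 결과      >>%LOGFILE%
IF %passwd_length% GEQ 1 ECHO 양호  >>%LOGFILE%
IF NOT %passwd_length% GEQ 1 ECHO 취약  >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%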

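REM Check 4-2: minimum password length. The report heading states the
REM criterion as 9 or more, so the comparison uses 9; the earlier comparison
REM against 8 passed a host that the heading itself calls non-compliant.
ECHO 4-2. 패스워드 최소 길이 : 9 이상   >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "MinimumPasswordLength"  >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find  "MinimumPasswordLength"  > MinimumPasswordLength.txt
REM Reset first so a missing policy line cannot reuse the previous check's
REM value; an unreadable setting is reported as 취약.
SET "passwd_length=0"
FOR /F "TOKENS=1-3" %%A IN (MinimumPasswordLength.txt) DO SET passwd_length=%%C
ECHO 결과     >>%LOGFILE%
IF %passwd_length% GEQ 9 ECHO 양호  >>%LOGFILE%
IF NOT %passwd_length% GEQ 9 ECHO 취약  >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%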

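REM Check 4-3: minimum password age and password history must both be 1 or
REM more, as the heading states. Previously only MinimumPasswordAge decided
REM the verdict although PasswordHistorySize was logged next to it.
ECHO 4-3. 패스워드 최소 사용기간 / 패스워드 기억  : 1 이상 >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "MinimumPasswordAge" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "PasswordHistorySize" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find  "MinimumPasswordAge"  > MinimumPasswordAge.txt
REM Reset both values so a missing policy line cannot reuse a stale value;
REM an unreadable setting is reported as 취약.
SET "passwd_length=0"
FOR /F "TOKENS=1-3" %%A IN (MinimumPasswordAge.txt) DO SET passwd_length=%%C
REM History size is read straight from the export, so no extra work file is
REM left behind for the cleanup section.
SET "passwd_history=0"
FOR /F "TOKENS=1-3" %%A IN ('TYPE LocalSecurityPolicy.txt ^| find "PasswordHistorySize"') DO SET passwd_history=%%C
ECHO 결과     >>%LOGFILE%
SET "passwd_ok=0"
IF %passwd_length% GEQ 1 IF %passwd_history% GEQ 1 SET "passwd_ok=1"
IF "%passwd_ok%"=="1" ECHO 양호  >>%LOGFILE%
IF NOT "%passwd_ok%"=="1" ECHO 취약  >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%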

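REM Check 4-4: maximum password age must be 90 days or less.
REM secedit exports "MaximumPasswordAge = -1" when passwords never expire.
REM A bare "LEQ 90" test accepted that value as 양호, so the age must also be
REM at least 1 to pass.
ECHO 4-4. 패스워드 최대 사용기간 : 90 이하  >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "MaximumPasswordAge =" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find  "MaximumPasswordAge ="  > MaximumPasswordAge.txt
REM Reset first so a missing policy line cannot reuse the previous check's
REM value; -1 makes an unreadable setting fail the range test below.
SET "passwd_length=-1"
FOR /F "TOKENS=1-3" %%A IN (MaximumPasswordAge.txt) DO SET passwd_length=%%C
ECHO 결과     >>%LOGFILE%
SET "passwd_ok=0"
IF %passwd_length% GEQ 1 IF %passwd_length% LEQ 90 SET "passwd_ok=1"
IF "%passwd_ok%"=="1" ECHO 양호  >>%LOGFILE%
IF NOT "%passwd_ok%"=="1" ECHO 취약  >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%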

REM Check 4-5: audit policy. Writes the required values and a reference list
REM into the report, then logs every line of the secedit export that contains
REM "Audit". No verdict is computed; the reviewer compares the logged values
REM with the reference list by eye.
ECHO 4-5. 감사정책-계정로그인 이벤트 감서정책설정 (육안)  >>%LOGFILE%
ECHO 필수        >>%LOGFILE%
ECHO 계정 로그온 이벤트 감사 (성공/실패)  AuditLogonEvents = 3  >>%LOGFILE%
ECHO 보안정책 바꾸기 (성공/실패)            AuditPolicyChange = 3  >>%LOGFILE%
ECHO 사용자권한사용(실패)                    AuditPrivilegeUse = 2  >>%LOGFILE%
ECHO 디렉터리 서비스 액세스 감사(실패) AuditDSAccess = 2  >>%LOGFILE%
ECHO 예시 참고        >>%LOGFILE%
ECHO AuditSystemEvents = 3 >>%LOGFILE%
ECHO AuditLogonEvents = 3  >>%LOGFILE%
ECHO AuditObjectAccess = 3 >>%LOGFILE%
ECHO AuditPrivilegeUse = 2  >>%LOGFILE%
ECHO AuditPolicyChange = 3 >>%LOGFILE%
ECHO AuditAccountManage = 3 >>%LOGFILE%
ECHO AuditProcessTracking = 0 >>%LOGFILE%
ECHO AuditDSAccess = 2  >>%LOGFILE%
ECHO AuditAccountLogon = 3 >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO 결과     >>%LOGFILE%
REM Actual values on this host, taken from the exported policy.
TYPE LocalSecurityPolicy.txt | find  "Audit"  >>%LOGFILE%
ECHO 육안확인     >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 5: reversible password storage must be off. Passes only when the
REM export contains the exact text "ClearTextPassword = 0"; a missing export
REM or any other value is reported as 취약.
ECHO 5. 해독불가 암호화 설정 ( 0 )   >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "ClearTextPassword" >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find "ClearTextPassword = 0" > NUL
ECHO 결과     >>%LOGFILE%
REM The verdict reads the ERRORLEVEL of the find above; it relies on the
REM intervening ECHO not changing it.
IF NOT ERRORLEVEL 1 ECHO 양호   >>%LOGFILE%
IF ERRORLEVEL 1 ECHO 취약    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 6: "do not display last signed-in user name" must be enabled.
REM Logs the setting from both the secedit export and the registry, then
REM passes when the registry line for DontDisplayLastUserName contains "1".
REM A missing value makes the pipeline fail and is reported as 취약.
ECHO 6. 마지막 로그인 사용자 이름 표시 안 함 사용 ( 1 ) >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "DontDisplayLastUserName" >>%LOGFILE%
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System"  2>&1| findstr /i "DontDisplayLastUserName" >>%LOGFILE%
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System"  2>&1| findstr /i "DontDisplayLastUserName" | find "1" > NUL
ECHO 결과     >>%LOGFILE%
REM The verdict reads the ERRORLEVEL of the pipeline above; it relies on the
REM intervening ECHO not changing it.
IF ERRORLEVEL 1 ECHO 취약    >>%LOGFILE%
IF NOT ERRORLEVEL 1 ECHO 양호   >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 7: default administrative shares. Logs the current share list and
REM the AutoShareWks / AutoShareServer values under the lanmanserver
REM parameters key, if present. No verdict is computed; review by eye.
ECHO  7. 하드디스크 기본 공유 설정 해제 ( 0 )   >>%LOGFILE%
net share      >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"  2>&1| findstr /i "AutoShareWks" >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters"  2>&1| findstr /i "AutoShareServer" >>%LOGFILE%
ECHO 결과 (육안확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 8: execute permission on cmd.exe. Logs the ACL reported by icacls;
REM the reviewer confirms by eye that GUEST has no execute right.
REM The path is fixed to drive C:.
ECHO 8.7. 관리자 권한의 사용자 외에 CMD 파일 실행권한 제거 >>%LOGFILE%
icacls c:\windows\system32\cmd.exe   >>%LOGFILE%
ECHO 결과 (육안확인)  - GUEST 실행권한 제거  >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%


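REM Check 9: Remote Desktop. Reports whether the service is listed by
REM "net start", logs the RDP-Tcp MaxIdleTime values when it is, and appends
REM the site's ACL list for review by eye.
ECHO 9.8. 원격데스크탑 연결 비활성화(관리를위해불가-ACL적용) >>%LOGFILE%
TYPE net_start.txt | find /i "Remote Desktop Services" > NUL
REM One IF/ELSE instead of two separate ERRORLEVEL tests: the reg query
REM pipeline inside the first branch sets ERRORLEVEL itself, so a second
REM "IF ERRORLEVEL 1" afterwards could also report the service as stopped.
IF NOT ERRORLEVEL 1 (
  ECHO Remote Desktop Services 실행  >>%LOGFILE%
  ECHO TIMOUT 값   >>%LOGFILE%
  reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /s 2>&1| findstr "MaxIdleTime"   >>%LOGFILE%
) ELSE (
  ECHO Remote Desktop Services 중지  >>%LOGFILE%
)
ECHO 결과 (육안확인) - 실행되어 있으나 ACL적용되어야됨 >>%LOGFILE%
REM d:\acl.txt is a site-specific file; record its absence in the report
REM instead of leaving the section silently empty.
IF EXIST d:\acl.txt (
  type d:\acl.txt     >>%LOGFILE%
) ELSE (
  ECHO d:\acl.txt 없음 - ACL 목록 수동 확인 필요 >>%LOGFILE%
)
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%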

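REM Check 10: automatic logon must be disabled (AutoAdminLogon = 0).
REM Passes when the AutoAdminLogon registry line contains "0"; a missing
REM value makes the pipeline fail and is reported as 취약.
ECHO 10.9. Autologon 기능 비활성화 ( 0 )   >>%LOGFILE%
REM DefaultPassword holds the autologon password in clear text. Only its
REM presence is recorded; copying the value would put a credential into the
REM report file.
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword >NUL 2>&1
IF NOT ERRORLEVEL 1 ECHO DefaultPassword 값 존재 - 보고서에는 값을 기록하지 않음 >>%LOGFILE%
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 2>&1| findstr /i "AutoAdminLogon" >>%LOGFILE%
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" 2>&1| findstr /i "AutoAdminLogon" | find /i "0" > NUL
ECHO 결과     >>%LOGFILE%
REM The verdict reads the ERRORLEVEL of the pipeline above; it relies on the
REM intervening ECHO not changing it.
IF NOT ERRORLEVEL 1 ECHO 양호   >>%LOGFILE%
IF ERRORLEVEL 1 ECHO 취약    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%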

REM Check 11: unnecessary accounts. Logs the local account list from
REM "net user"; the reviewer decides by eye which accounts are not needed.
ECHO 11.10. 불필요한 계정 삭제   >>%LOGFILE%
net user      >>%LOGFILE%
ECHO 결과 (육안확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 12: logon event auditing. Logs the AuditLogonEvents line from the
REM secedit export; the heading gives 3 as the expected value. Review by eye.
ECHO 12.11. 계정 로그인 이벤트 감사 정책 설정 ( 3 ) >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "AuditLogonEvents" >>%LOGFILE%
ECHO 결과 (육안확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%


REM Check 13: unencrypted FTP and TELNET must not be in use. Logs matching
REM process names and started services, the Telnet server registry key, and
REM the output of local connection attempts to ports 21 and 23. No verdict is
REM computed; review by eye.
ECHO  13. 암호화 기능이 없는 FTP, TELNET 사용해제 >>%LOGFILE%
TYPE tasklist.txt | findstr /i "IIS"   >>%LOGFILE%
TYPE tasklist.txt | findstr /i "telnet"   >>%LOGFILE%
TYPE tasklist.txt | findstr /i "ftp"   >>%LOGFILE%
TYPE net_start.txt | findstr /i "telnet"   >>%LOGFILE%
TYPE net_start.txt | findstr /i "ftp"   >>%LOGFILE%
TYPE net_start.txt | find /i "FTP Publishing Service" >>%LOGFILE%
reg query "HKLM\Software\Microsoft\TelnetServer\1.0\SecurityMechanism" >>%LOGFILE%  2>&1
REM NOTE(review): telnet.exe is an interactive client. If a listener answers,
REM the script may wait here until the session is closed; if the Telnet
REM client is not installed only an error line is logged. The port list that
REM the script collects with netstat is the more dependable evidence.
telnet 127.0.0.1 21     >>%LOGFILE% 2>&1
telnet 127.0.0.1 23     >>%LOGFILE% 2>&1
tlntadmn config     >>%LOGFILE% 2>&1
ECHO 결과 (육안확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 14: anonymous FTP. Nothing is queried here; the block only writes
REM the IIS menu paths where the reviewer disables anonymous access.
ECHO 14.12. Anonymous 익명FTP 사용해제  >>%LOGFILE%
ECHO IIS 서비스 구동시    >>%LOGFILE%
ECHO IIS > FTP 사이트 > 속성 > 보안탭 > 익명연결 허용 체크박스 해제 >>%LOGFILE%
ECHO 제어판 > 관리도구 > IIS 관리 > 해당 웹사이트 > 우클릭 > FTP 게시추가 > 인증화면의 익명 체크박스 해제 >>%LOGFILE%
ECHO 결과 (육안확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%


REM Check 15: shutdown without logon must be disabled. Logs the
REM ShutdownWithoutLogon line from the secedit export; the heading gives 0 as
REM the expected value. Review by eye.
ECHO 15.13. 비 로그인시 시스템 종료 불가 설정 ( 0 ) >>%LOGFILE%
TYPE LocalSecurityPolicy.txt | find /i "ShutdownWithoutLogon" >>%LOGFILE%
ECHO 결과 (육안확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 16: SNMP default community. Reports whether "SNMP Service" is
REM listed by "net start" and dumps the ValidCommunities, TrapConfiguration
REM and PermittedManagers registry keys for review by eye.
REM The ValidCommunities dump contains the community names themselves, so the
REM report holds SNMP community strings and must be handled as sensitive.
ECHO 16.14. 디포트 SNMP 커뮤니티 - public 변경 >>%LOGFILE%
TYPE net_start.txt | find "SNMP Service" > NUL   
IF NOT ERRORLEVEL 1 (
 ECHO SNMP Service 구동   >>%LOGFILE%
) ELSE (
 ECHO SNMP Service 중지   >>%LOGFILE%
)
REM "findstr ." passes every non-empty line, including reg's error text when
REM a key does not exist (stderr is merged with 2>&1).
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\ValidCommunities" 2>&1| findstr . >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration" /s 2>&1| findstr . >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\SNMP\Parameters\PermittedManagers" 2>&1| findstr . >>%LOGFILE%
ECHO 결과 (중지 확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 17: SMTP relay restriction. The running/stopped line is decided by
REM whether any started service name contains "Exchange"; other SMTP servers
REM are not detected by this test. The result is reviewed by eye.
REM NOTE(review): the guidance line written below names "snmp service", which
REM looks carried over from the SNMP check - confirm the intended text.
ECHO 17.15. SMTP 릴레이 제한 설정   >>%LOGFILE%
ECHO "서비스 > snmp service > 속성 > 보안 > 추가및 삭제" >>%LOGFILE%
TYPE net_start.txt| findstr "Exchange" > NUL   
IF NOT ERRORLEVEL 1 (
 ECHO SMTP Service 구동   >>%LOGFILE%
) ELSE (
 ECHO SMTP Service 중지   >>%LOGFILE%
)
REM NOTE(review): telnet.exe is interactive; if a listener answers on port 25
REM the script may wait here until the session is closed.
telnet 127.0.0.1 25     >>%LOGFILE% 2>&1
ECHO 결과 (육안확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

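REM Check 18: unnecessary services. Collects started services whose names
REM match the reference list into services.txt, logs them, and prints a
REM verdict followed by the reference list itself.
REM findstr treats a quoted string containing spaces as several alternative
REM search words, so the multi-word patterns below match any one of their
REM words; the collected list is deliberately broad and is reviewed by eye.
ECHO 18.16. 불필요한 서비스 제거   >>%LOGFILE%
TYPE net_start.txt | findstr "Alerter ClipBook Messenger" > services.txt
TYPE net_start.txt | findstr "Simple" >> services.txt
TYPE net_start.txt | findstr "Automatic Updates" >> services.txt
TYPE net_start.txt | findstr "Update" >> services.txt
REM "Brower" corrected to "Browser" so the pattern agrees with the service name.
TYPE net_start.txt | findstr "Computer Browser" >> services.txt
TYPE net_start.txt | findstr "Cryptographic" >> services.txt
TYPE net_start.txt | findstr "DHCP" >> services.txt
TYPE net_start.txt | find "Distributed Link Tracking Client Server" >> services.txt
TYPE net_start.txt | findstr "DNS" >> services.txt
TYPE net_start.txt | findstr "Error reporting " >> services.txt
TYPE net_start.txt | findstr "Human interface " >> services.txt
TYPE net_start.txt | findstr "IMAPI CD-Burning" >> services.txt
REM The misspelled pattern "Registiy" could never match, so a running Remote
REM Registry service was silently left out of the report.
TYPE net_start.txt | findstr "Registry" >> services.txt
TYPE net_start.txt | findstr "Wireless Zero" >> services.txt
TYPE net_start.txt | findstr "Shell Hardware Detection" >> services.txt
TYPE net_start.txt | findstr "XblAuthManager" >> services.txt
TYPE net_start.txt | findstr "XblGameSave" >> services.txt
TYPE net_start.txt | findstr "TabletinputService" >> services.txt
TYPE net_start.txt | findstr "WalletService" >> services.txt

ECHO 결과 (육안확인)     >>%LOGFILE%
TYPE services.txt >>%LOGFILE%
REM The verdict only tests four names in the collected list. findstr reads
REM the named file and ignores piped input, so the former "TYPE ... |" prefix
REM was dropped, and the test now runs directly before the IF lines that read
REM its ERRORLEVEL.
findstr /I "Alerter ClipBook Messenger Simple" services.txt > NUL
IF ERRORLEVEL 1 ECHO  불필요한 서비스가 존재하지 않음 - 양호 >>%LOGFILE%
IF NOT ERRORLEVEL 1 ECHO 불필요한 서비스가 발견되었음. - 취약 >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO 예시 참고     >>%LOGFILE%
ECHO Alerter     >>%LOGFILE%
ECHO Automatic Updates / Windows Update  >>%LOGFILE%
ECHO Clipbook     >>%LOGFILE%
ECHO Computer Browser    >>%LOGFILE%
ECHO Cryptographic    >>%LOGFILE%
ECHO DHCP Client     >>%LOGFILE%
ECHO Distributed Link Tracking Client Server   >>%LOGFILE%
ECHO DNS Client     >>%LOGFILE%
ECHO Error reporting Service   >>%LOGFILE%
ECHO Human interface Device Access   >>%LOGFILE%
ECHO IMAPI CD-Burning COM Service   >>%LOGFILE%
ECHO Messenger     >>%LOGFILE%
ECHO Remote Registry    >>%LOGFILE%
ECHO Simple TCP/IP Services   >>%LOGFILE%
ECHO Wireless Zero Configuration   >>%LOGFILE%
ECHO Shell Hardware Detection    >>%LOGFILE%
ECHO XblAuthManager (win10)   >>%LOGFILE%
ECHO XblGameSave (win10)    >>%LOGFILE%
ECHO TabletinputService (win10)    >>%LOGFILE%
ECHO WalletService (win10)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%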

REM Check 19: IIS parent paths (enableParentPaths). Logs whether the World
REM Wide Web Publishing Service is started and any "version" line under the
REM W3SVC parameters key. The parent-path setting itself is not read; the
REM reviewer checks it in IIS by eye.
ECHO 19.17. 서비스에서 상위 디렉토리 접근금지 설정 (enableParentPaths) >>%LOGFILE%
TYPE net_start.txt | find /i "world wide web publishing service"  >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters" 2>&1 | find /i "version" >>%LOGFILE%
ECHO 결과 (IIS 사용시 육안확인) - "상위 경로 사용" 옵션이 체크되어 있지 않을 경우 양호 >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 20: IIS directory listing. Logs the same service and version lines
REM as the parent-path check. The directory browsing setting itself is not
REM read; the reviewer checks it in IIS by eye.
ECHO 20.18. 서비스에서 디렉터리 리스팅 제거 설정  >>%LOGFILE%
TYPE net_start.txt | find /i "world wide web publishing service" >>%LOGFILE%
reg query "HKLM\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters" 2>&1 | find /i "version" >>%LOGFILE%
ECHO 결과 (IIS 사용시 육안확인) - 기본 설정 및 사이트별 "디렉터리 검색" 설정이 False 이면 양호 >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 21: Windows Firewall inbound rules. Dumps all inbound rules to a
REM work file and logs the lines containing "137" and "39110" for review by eye.
REM find matches those digits anywhere in a line (port lists, addresses, rule
REM names), and the logged lines do not show whether a rule allows or blocks.
REM NOTE(review): 39110 is hard-coded and labelled as the RDP port; presumably
REM the RDP listener was moved to it on the author's hosts - confirm the value
REM for the host being audited.
ECHO 21.19. 윈도우 방화벽 설정을 통하여 허가받지 않은 포트 사용금지 >>%LOGFILE%
netsh advfirewall firewall show rule name=all dir=in > firewall_in.txt
ECHO SMB 포트 차단 - 없으면 취약   >>%LOGFILE%
type firewall_in.txt | find /i "137"   >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO RDP 포트 - 없으면 ACL 취약   >>%LOGFILE%
type firewall_in.txt | find /i "39110"   >>%LOGFILE%
ECHO 결과 (육안확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Check 22: time synchronisation. Logs the configured NtpServer value and
REM the w32tm configuration lines containing "Correction" or "Interval".
REM No verdict is computed; review by eye.
ECHO 22. Kerberos 프로토콜에 대한 재전송 공격방지를 위한 NTP 설정 - time server 설정확인  >>%LOGFILE%
w32tm /dumpreg /subkey:parameters | find /i "NtpServer" >>%LOGFILE%
w32tm /query /configuration 2>&1 | findstr /i "Correction" >>%LOGFILE%
w32tm /query /configuration 2>&1 | findstr /i "Interval" >>%LOGFILE%
ECHO 결과 (육안확인)    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%


REM Additional information: log every netstat line (listening or connected)
REM whose address column ends in one of the ports named in the heading.
REM The trailing space in the pattern keeps ":21 " from matching ":2100".
ECHO 기타 시스템 정보    >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO 불필요포트 21,22,23,25,3389,53,137-139,445,161,162 >>%LOGFILE%
netstat -na > netstat.txt
REM Ports are searched one at a time, in the same order as before, so the
REM report keeps its grouping by port.
FOR %%P IN (21 22 23 25 53 3389 137 138 139 445 161 162) DO TYPE netstat.txt | findstr /i ":%%P "   >>%LOGFILE%
ECHO.      >>%LOGFILE%
ECHO.      >>%LOGFILE%

REM Cleanup: delete the work files created in the current directory, in the
REM same order as before. The report file named by LOGFILE is kept.
FOR %%F IN (
 firewall_in.txt
 LocalSecurityPolicy.txt
 MaximumPasswordAge.txt
 MinimumPasswordAge.txt
 MinimumPasswordLength.txt
 net_accounts.txt
 net_start.txt
 PasswordComplexity.txt
 services.txt
 systeminfo.txt
 tasklist.txt
 Threshols.txt
 ver.txt
 product.txt
 netstat.txt
) DO del %%F
