PowerShell 技能连载 - 零信任架构下的设备健康检查自动化

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
function Invoke-DeviceHealthCheck {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[string]$DeviceName,

[ValidateSet('Basic','Full')]
[string]$ScanMode = 'Basic'
)

$complianceReport = [PSCustomObject]@{
Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
DeviceName = $DeviceName
EncryptionStatus = $null
PatchLevel = $null
FirewallRules = @()
ComplianceScore = 0
}

try {
# 验证BitLocker加密状态
$encryptionStatus = Get-BitLockerVolume -MountPoint C: |
Select-Object -ExpandProperty EncryptionPercentage
$complianceReport.EncryptionStatus = $encryptionStatus -ge 100 ? 'Compliant' : 'Non-Compliant'

# 检查系统更新状态
$updates = Get-HotFix |
Where-Object InstalledOn -lt (Get-Date).AddDays(-30)
$complianceReport.PatchLevel = $updates.Count -eq 0 ? 'Current' : 'Outdated'

# 审计防火墙规则(完整扫描模式)
if ($ScanMode -eq 'Full') {
$firewallRules = Get-NetFirewallRule |
Where-Object Enabled -eq True |
Select-Object DisplayName, Direction, Action
$complianceReport.FirewallRules = $firewallRules
}

# 计算合规分数
$score = 0
if ($complianceReport.EncryptionStatus -eq 'Compliant') { $score += 40 }
if ($complianceReport.PatchLevel -eq 'Current') { $score += 30 }
if ($complianceReport.FirewallRules.Count -eq 0) { $score += 30 }
$complianceReport.ComplianceScore = $score
}
catch {
Write-Error "设备健康检查失败: $_"
}

# 生成零信任合规报告
$complianceReport | Export-Clixml -Path "$env:TEMP/${DeviceName}_ComplianceReport_$(Get-Date -Format yyyyMMdd).xml"
return $complianceReport
}

核心功能

  1. 自动化BitLocker加密状态验证
  2. 系统补丁级别智能评估
  3. 防火墙规则深度审计(完整扫描模式)
  4. 动态合规评分系统

应用场景

  • 零信任安全架构实施
  • 终端设备合规自动化审计
  • 安全基线动态验证
  • 监管合规报告生成

PowerShell 技能连载 - 零信任架构设备健康检查

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
function Invoke-DeviceHealthCheck {
[CmdletBinding()]
param(
[ValidateSet('Basic','Full')]
[string]$ScanLevel = 'Basic'
)

$healthReport = [PSCustomObject]@{
Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
DeviceID = (Get-CimInstance -ClassName Win32_ComputerSystem).Name
Compliance = $true
SecurityScore = 100
Findings = @()
}

# 基础检查项
$checks = @(
{ Get-CimInstance -ClassName Win32_BIOS | Select-Object Version,ReleaseDate },
{ Get-WindowsUpdateLog -Last 7 | Where Status -ne 'Installed' },
{ Get-NetFirewallProfile | Where Enabled -eq $false }
)

if ($ScanLevel -eq 'Full') {
$checks += @(
{ Get-Service -Name WinDefend | Where Status -ne 'Running' },
{ Get-ChildItem 'C:\Temp' -Recurse -File | Where {$_.LastWriteTime -gt (Get-Date).AddDays(-1)} },
{ Get-LocalUser | Where PasswordNeverExpires -eq $true }
)
}

foreach ($check in $checks) {
try {
$result = & $check
if ($result) {
$healthReport.Findings += [PSCustomObject]@{
CheckName = $check.ToString().Split('{')[1].Trim()
Status = 'NonCompliant'
Details = $result | ConvertTo-Json -Compress
}
$healthReport.SecurityScore -= 10
$healthReport.Compliance = $false
}
}
catch {
Write-Warning "检查项执行失败: $_"
}
}

$healthReport | Export-Clixml -Path "$env:TEMP\DeviceHealthReport_$(Get-Date -Format yyyyMMdd).xml"
return $healthReport
}

核心功能

  1. 多层级设备健康扫描(基础/完整模式)
  2. 实时安全态势评分机制
  3. 自动化合规性验证
  4. XML格式审计报告生成

典型应用场景

  • 企业设备入网前合规检查
  • 零信任架构下的持续设备验证
  • 远程办公终端安全审计
  • 安全基线的快速验证

PowerShell 技能连载 - 软件供应链安全自动化审计

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
function Invoke-SupplyChainScan {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[string]$ScanPath,

[ValidateSet('Critical','High','Medium','Low')]
[string]$SeverityLevel = 'Critical'
)

$report = [PSCustomObject]@{
Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
ScannedComponents = @()
SecurityFindings = @()
}

# 组件哈希校验与签名验证
Get-ChildItem $ScanPath -Recurse -Include *.dll,*.exe,*.psm1 | ForEach-Object {
$fileHash = (Get-FileHash $_.FullName -Algorithm SHA256).Hash
$signature = Get-AuthenticodeSignature $_.FullName

$component = [PSCustomObject]@{
FileName = $_.Name
FilePath = $_.FullName
SHA256 = $fileHash
IsSigned = $signature.Status -eq 'Valid'
Publisher = $signature.SignerCertificate.Subject
}
$report.ScannedComponents += $component

if (-not $component.IsSigned) {
$report.SecurityFindings += [PSCustomObject]@{
Severity = 'High'
Description = "未签名的组件: $($_.Name)"
Recommendation = "要求供应商提供数字签名版本或验证组件来源"
}
}
}

# 依赖包漏洞扫描
$nugetPackages = Get-ChildItem $ScanPath -Recurse -Include packages.config
$nugetPackages | ForEach-Object {
[xml]$config = Get-Content $_.FullName
$config.packages.package | ForEach-Object {
$cveData = Invoke-RestMethod "https://api.cvecheck.org/v1/search?id=$($_.id)"
if ($cveData.vulnerabilities | Where-Object { $_.severity -ge $SeverityLevel }) {
$report.SecurityFindings += [PSCustomObject]@{
Severity = $SeverityLevel
Description = "存在漏洞的依赖包: $($_.id) v$($_.version)"
Recommendation = "升级到最新安全版本 $($cveData.latestVersion)"
}
}
}
}

$report | Export-Csv -Path "$ScanPath\SupplyChainReport_$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
return $report
}

核心功能

  1. 软件组件哈希指纹校验
  2. 数字签名自动验证
  3. NuGet依赖包漏洞扫描
  4. CVE数据库集成查询

典型应用场景

  • 开发环境第三方组件安全检查
  • CI/CD流水线安全卡点
  • 供应商交付物合规验证
  • 企业软件资产安全基线报告