2024-10-16发表2025-03-25更新powershell / security / automation1 分钟读完 (大约198个字)

PowerShell 技能连载 - 零信任架构下的设备健康检查

function Invoke-DeviceHealthCheck {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$DeviceName
    )

    $healthReport = [PSCustomObject]@{
        Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        Device = $DeviceName
        TPMEnabled = $false
        SecureBoot = $false
        AntivirusStatus = 'Unknown'
        ComplianceScore = 0
    }

    try {
        # 检查TPM状态
        $tpm = Get-Tpm -ErrorAction Stop
        $healthReport.TPMEnabled = $tpm.TpmPresent

        # 验证安全启动状态
        $healthReport.SecureBoot = Confirm-SecureBootUEFI

        # 获取反病毒状态
        $avStatus = Get-MpComputerStatus
        $healthReport.AntivirusStatus = $avStatus.AMServiceEnabled ? 'Active' : 'Inactive'

        # 计算合规分数
        $compliance = 0
        if($healthReport.TPMEnabled) { $compliance += 30 }
        if($healthReport.SecureBoot) { $compliance += 30 }
        if($healthReport.AntivirusStatus -eq 'Active') { $compliance += 40 }
        $healthReport.ComplianceScore = $compliance
    }
    catch {
        Write-Warning "设备健康检查失败: $_"
    }

    $healthReport | Export-Clixml -Path "$env:TEMP/DeviceHealth_$DeviceName.xml"
    return $healthReport
}

核心功能：

TPM芯片状态验证
安全启动模式检测
反病毒服务状态监控
自动化合规评分

应用场景：

零信任架构准入控制
远程办公设备安全审计
合规性基线验证
安全事件响应前置检查

2024-10-03发表2025-03-25更新powershell / security / devops2 分钟读完 (大约305个字)

PowerShell 技能连载 - 供应链安全漏洞扫描工具

function Invoke-SupplyChainScan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$ScanPath,
        
        [ValidateSet('Critical','High','Medium','Low')]
        [string]$SeverityLevel = 'Critical'
    )

    $report = [PSCustomObject]@{
        Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        ScannedComponents = @()
        SecurityFindings = @()
    }

    # 组件哈希校验
    Get-ChildItem $ScanPath -Recurse -Include *.dll,*.exe,*.psm1 | ForEach-Object {
        $fileHash = (Get-FileHash $_.FullName -Algorithm SHA256).Hash
        $signature = Get-AuthenticodeSignature $_.FullName
        
        $component = [PSCustomObject]@{
            FileName = $_.Name
            FilePath = $_.FullName
            SHA256 = $fileHash
            IsSigned = $signature.Status -eq 'Valid'
            Publisher = $signature.SignerCertificate.Subject
        }
        $report.ScannedComponents += $component

        if (-not $component.IsSigned) {
            $report.SecurityFindings += [PSCustomObject]@{
                Severity = 'High'
                Description = "未签名的组件: $($_.Name)"
                Recommendation = "要求供应商提供数字签名版本或验证组件来源"
            }
        }
    }

    # 依赖包漏洞扫描
    $nugetPackages = Get-ChildItem $ScanPath -Recurse -Include packages.config
    $nugetPackages | ForEach-Object {
        [xml]$config = Get-Content $_.FullName
        $config.packages.package | ForEach-Object {
            $cveData = Invoke-RestMethod "https://api.cvecheck.org/v1/search?id=$($_.id)"
            if ($cveData.vulnerabilities | Where-Object { $_.severity -ge $SeverityLevel }) {
                $report.SecurityFindings += [PSCustomObject]@{
                    Severity = $SeverityLevel
                    Description = "存在漏洞的依赖包: $($_.id) v$($_.version)"
                    Recommendation = "升级到最新安全版本 $($cveData.latestVersion)"
                }
            }
        }
    }

    $report | Export-Csv -Path "$ScanPath\SupplyChainReport_$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
    return $report
}

核心功能：

软件组件供应链安全扫描
依赖包漏洞自动化检测
数字签名验证机制
CVE漏洞数据库集成

典型应用场景：

开发环境第三方组件安全检查
软件构建流水线安全审计
供应商交付物合规验证
企业软件资产安全基线报告生成

2024-10-01发表2025-03-25更新powershell / security1 分钟读完 (大约202个字)

PowerShell 技能连载 - 零信任架构下的设备健康检查

function Invoke-DeviceHealthCheck {
    param(
        [string[]]$ComputerNames = $env:COMPUTERNAME
    )

    $securityBaseline = @{
        SecureBootEnabled = $true
        TPMPresent = $true
        BitLockerStatus = 'FullyEncrypted'
        AntivirusStatus = 'Enabled'
        FirewallProfile = 'Domain'
    }

    $results = @()

    foreach ($computer in $ComputerNames) {
        try {
            $osInfo = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $computer
            $tpm = Get-CimInstance -ClassName Win32_Tpm -ComputerName $computer -ErrorAction Stop
            $bitlocker = Get-BitLockerVolume -MountPoint $osInfo.SystemDrive -ErrorAction Stop
            
            $healthStatus = [PSCustomObject]@{
                ComputerName = $computer
                LastBootTime = $osInfo.LastBootUpTime
                SecureBoot = [bool](Confirm-SecureBootUEFI)
                TPMVersion = $tpm.SpecVersion
                BitLockerProtection = $bitlocker.ProtectionStatus
                DefenderStatus = (Get-MpComputerStatus).AntivirusEnabled
                FirewallStatus = (Get-NetFirewallProfile -Name Domain).Enabled
                ComplianceScore = 0
            }

            # 计算合规分数
            $healthStatus.ComplianceScore = [math]::Round((
                ($healthStatus.SecureBoot -eq $securityBaseline.SecureBootEnabled) + 
                ($healthStatus.TPMVersion -match '2.0') + 
                ($healthStatus.BitLockerProtection -eq 'On') + 
                ($healthStatus.DefenderStatus -eq $true) + 
                ($healthStatus.FirewallStatus -eq $true)
            ) / 5 * 100, 2)

            $results += $healthStatus
        }
        catch {
            Write-Warning "$computer 健康检查失败: $_"
        }
    }

    $results | Format-Table -AutoSize
}

核心功能：

自动化验证设备安全基线配置
检测TPM 2.0和SecureBoot状态
评估BitLocker加密状态
生成设备合规性评分

应用场景：

零信任网络接入前检查
远程办公设备安全审计
合规性自动化报告生成

2024-05-20发表2025-03-25更新powershell / security2 分钟读完 (大约246个字)

PowerShell 技能连载 - 零信任架构设备健康检查

function Invoke-DeviceHealthCheck {
    [CmdletBinding()]
    param(
        [ValidateSet('Basic','Full')]
        [string]$ScanLevel = 'Basic'
    )

    $healthReport = [PSCustomObject]@{
        Timestamp     = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        DeviceID      = (Get-CimInstance -ClassName Win32_ComputerSystem).Name
        Compliance    = $true
        SecurityScore = 100
        Findings      = @()
    }

    # 基础检查项
    $checks = @(
        { Get-CimInstance -ClassName Win32_BIOS | Select-Object Version,ReleaseDate },
        { Get-WindowsUpdateLog -Last 7 | Where Status -ne 'Installed' },
        { Get-NetFirewallProfile | Where Enabled -eq $false }
    )

    if ($ScanLevel -eq 'Full') {
        $checks += @(
            { Get-Service -Name WinDefend | Where Status -ne 'Running' },
            { Get-ChildItem 'C:\Temp' -Recurse -File | Where {$_.LastWriteTime -gt (Get-Date).AddDays(-1)} },
            { Get-LocalUser | Where PasswordNeverExpires -eq $true }
        )
    }

    foreach ($check in $checks) {
        try {
            $result = & $check
            if ($result) {
                $healthReport.Findings += [PSCustomObject]@{
                    CheckName = $check.ToString().Split('{')[1].Trim()
                    Status    = 'NonCompliant'
                    Details   = $result | ConvertTo-Json -Compress
                }
                $healthReport.SecurityScore -= 10
                $healthReport.Compliance = $false
            }
        }
        catch {
            Write-Warning "检查项执行失败: $_"
        }
    }

    $healthReport | Export-Clixml -Path "$env:TEMP\DeviceHealthReport_$(Get-Date -Format yyyyMMdd).xml"
    return $healthReport
}

核心功能：

多层级设备健康扫描（基础/完整模式）
实时安全态势评分机制
自动化合规性验证
XML格式审计报告生成

典型应用场景：

企业设备入网前合规检查
零信任架构下的持续设备验证
远程办公终端安全审计
安全基线的快速验证

2024-05-15发表2025-03-25更新powershell / security / devops2 分钟读完 (大约303个字)

PowerShell 技能连载 - 软件供应链安全自动化审计

function Invoke-SupplyChainScan {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$ScanPath,
        
        [ValidateSet('Critical','High','Medium','Low')]
        [string]$SeverityLevel = 'Critical'
    )

    $report = [PSCustomObject]@{
        Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
        ScannedComponents = @()
        SecurityFindings = @()
    }

    # 组件哈希校验与签名验证
    Get-ChildItem $ScanPath -Recurse -Include *.dll,*.exe,*.psm1 | ForEach-Object {
        $fileHash = (Get-FileHash $_.FullName -Algorithm SHA256).Hash
        $signature = Get-AuthenticodeSignature $_.FullName
        
        $component = [PSCustomObject]@{
            FileName = $_.Name
            FilePath = $_.FullName
            SHA256 = $fileHash
            IsSigned = $signature.Status -eq 'Valid'
            Publisher = $signature.SignerCertificate.Subject
        }
        $report.ScannedComponents += $component

        if (-not $component.IsSigned) {
            $report.SecurityFindings += [PSCustomObject]@{
                Severity = 'High'
                Description = "未签名的组件: $($_.Name)"
                Recommendation = "要求供应商提供数字签名版本或验证组件来源"
            }
        }
    }

    # 依赖包漏洞扫描
    $nugetPackages = Get-ChildItem $ScanPath -Recurse -Include packages.config
    $nugetPackages | ForEach-Object {
        [xml]$config = Get-Content $_.FullName
        $config.packages.package | ForEach-Object {
            $cveData = Invoke-RestMethod "https://api.cvecheck.org/v1/search?id=$($_.id)"
            if ($cveData.vulnerabilities | Where-Object { $_.severity -ge $SeverityLevel }) {
                $report.SecurityFindings += [PSCustomObject]@{
                    Severity = $SeverityLevel
                    Description = "存在漏洞的依赖包: $($_.id) v$($_.version)"
                    Recommendation = "升级到最新安全版本 $($cveData.latestVersion)"
                }
            }
        }
    }

    $report | Export-Csv -Path "$ScanPath\SupplyChainReport_$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
    return $report
}

核心功能：

软件组件哈希指纹校验
数字签名自动验证
NuGet依赖包漏洞扫描
CVE数据库集成查询

典型应用场景：

开发环境第三方组件安全检查
CI/CD流水线安全卡点
供应商交付物合规验证
企业软件资产安全基线报告

PowerShell 技能连载 - 零信任架构下的设备健康检查

PowerShell 技能连载 - 供应链安全漏洞扫描工具

PowerShell 技能连载 - 零信任架构下的设备健康检查

PowerShell 技能连载 - 零信任架构设备健康检查

PowerShell 技能连载 - 软件供应链安全自动化审计

链接

分类

最新文章

归档

标签

订阅更新