PowerShell 技能连载 - 零信任架构下的设备健康检查

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
function Invoke-DeviceHealthCheck {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[string]$DeviceName
)

$healthReport = [PSCustomObject]@{
Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
Device = $DeviceName
TPMEnabled = $false
SecureBoot = $false
AntivirusStatus = 'Unknown'
ComplianceScore = 0
}

try {
# 检查TPM状态
$tpm = Get-Tpm -ErrorAction Stop
$healthReport.TPMEnabled = $tpm.TpmPresent

# 验证安全启动状态
$healthReport.SecureBoot = Confirm-SecureBootUEFI

# 获取反病毒状态
$avStatus = Get-MpComputerStatus
$healthReport.AntivirusStatus = $avStatus.AMServiceEnabled ? 'Active' : 'Inactive'

# 计算合规分数
$compliance = 0
if($healthReport.TPMEnabled) { $compliance += 30 }
if($healthReport.SecureBoot) { $compliance += 30 }
if($healthReport.AntivirusStatus -eq 'Active') { $compliance += 40 }
$healthReport.ComplianceScore = $compliance
}
catch {
Write-Warning "设备健康检查失败: $_"
}

$healthReport | Export-Clixml -Path "$env:TEMP/DeviceHealth_$DeviceName.xml"
return $healthReport
}

核心功能

  1. TPM芯片状态验证
  2. 安全启动模式检测
  3. 反病毒服务状态监控
  4. 自动化合规评分

应用场景

  • 零信任架构准入控制
  • 远程办公设备安全审计
  • 合规性基线验证
  • 安全事件响应前置检查

PowerShell 技能连载 - 供应链安全漏洞扫描工具

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
function Invoke-SupplyChainScan {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[string]$ScanPath,

[ValidateSet('Critical','High','Medium','Low')]
[string]$SeverityLevel = 'Critical'
)

$report = [PSCustomObject]@{
Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
ScannedComponents = @()
SecurityFindings = @()
}

# 组件哈希校验
Get-ChildItem $ScanPath -Recurse -Include *.dll,*.exe,*.psm1 | ForEach-Object {
$fileHash = (Get-FileHash $_.FullName -Algorithm SHA256).Hash
$signature = Get-AuthenticodeSignature $_.FullName

$component = [PSCustomObject]@{
FileName = $_.Name
FilePath = $_.FullName
SHA256 = $fileHash
IsSigned = $signature.Status -eq 'Valid'
Publisher = $signature.SignerCertificate.Subject
}
$report.ScannedComponents += $component

if (-not $component.IsSigned) {
$report.SecurityFindings += [PSCustomObject]@{
Severity = 'High'
Description = "未签名的组件: $($_.Name)"
Recommendation = "要求供应商提供数字签名版本或验证组件来源"
}
}
}

# 依赖包漏洞扫描
$nugetPackages = Get-ChildItem $ScanPath -Recurse -Include packages.config
$nugetPackages | ForEach-Object {
[xml]$config = Get-Content $_.FullName
$config.packages.package | ForEach-Object {
$cveData = Invoke-RestMethod "https://api.cvecheck.org/v1/search?id=$($_.id)"
if ($cveData.vulnerabilities | Where-Object { $_.severity -ge $SeverityLevel }) {
$report.SecurityFindings += [PSCustomObject]@{
Severity = $SeverityLevel
Description = "存在漏洞的依赖包: $($_.id) v$($_.version)"
Recommendation = "升级到最新安全版本 $($cveData.latestVersion)"
}
}
}
}

$report | Export-Csv -Path "$ScanPath\SupplyChainReport_$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
return $report
}

核心功能

  1. 软件组件供应链安全扫描
  2. 依赖包漏洞自动化检测
  3. 数字签名验证机制
  4. CVE漏洞数据库集成

典型应用场景

  • 开发环境第三方组件安全检查
  • 软件构建流水线安全审计
  • 供应商交付物合规验证
  • 企业软件资产安全基线报告生成

PowerShell 技能连载 - 零信任架构下的设备健康检查

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
function Invoke-DeviceHealthCheck {
param(
[string[]]$ComputerNames = $env:COMPUTERNAME
)

$securityBaseline = @{
SecureBootEnabled = $true
TPMPresent = $true
BitLockerStatus = 'FullyEncrypted'
AntivirusStatus = 'Enabled'
FirewallProfile = 'Domain'
}

$results = @()

foreach ($computer in $ComputerNames) {
try {
$osInfo = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $computer
$tpm = Get-CimInstance -ClassName Win32_Tpm -ComputerName $computer -ErrorAction Stop
$bitlocker = Get-BitLockerVolume -MountPoint $osInfo.SystemDrive -ErrorAction Stop

$healthStatus = [PSCustomObject]@{
ComputerName = $computer
LastBootTime = $osInfo.LastBootUpTime
SecureBoot = [bool](Confirm-SecureBootUEFI)
TPMVersion = $tpm.SpecVersion
BitLockerProtection = $bitlocker.ProtectionStatus
DefenderStatus = (Get-MpComputerStatus).AntivirusEnabled
FirewallStatus = (Get-NetFirewallProfile -Name Domain).Enabled
ComplianceScore = 0
}

# 计算合规分数
$healthStatus.ComplianceScore = [math]::Round((
($healthStatus.SecureBoot -eq $securityBaseline.SecureBootEnabled) +
($healthStatus.TPMVersion -match '2.0') +
($healthStatus.BitLockerProtection -eq 'On') +
($healthStatus.DefenderStatus -eq $true) +
($healthStatus.FirewallStatus -eq $true)
) / 5 * 100, 2)

$results += $healthStatus
}
catch {
Write-Warning "$computer 健康检查失败: $_"
}
}

$results | Format-Table -AutoSize
}

核心功能:

  1. 自动化验证设备安全基线配置
  2. 检测TPM 2.0和SecureBoot状态
  3. 评估BitLocker加密状态
  4. 生成设备合规性评分

应用场景:

  • 零信任网络接入前检查
  • 远程办公设备安全审计
  • 合规性自动化报告生成

PowerShell 技能连载 - 零信任架构设备健康检查

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
function Invoke-DeviceHealthCheck {
[CmdletBinding()]
param(
[ValidateSet('Basic','Full')]
[string]$ScanLevel = 'Basic'
)

$healthReport = [PSCustomObject]@{
Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
DeviceID = (Get-CimInstance -ClassName Win32_ComputerSystem).Name
Compliance = $true
SecurityScore = 100
Findings = @()
}

# 基础检查项
$checks = @(
{ Get-CimInstance -ClassName Win32_BIOS | Select-Object Version,ReleaseDate },
{ Get-WindowsUpdateLog -Last 7 | Where Status -ne 'Installed' },
{ Get-NetFirewallProfile | Where Enabled -eq $false }
)

if ($ScanLevel -eq 'Full') {
$checks += @(
{ Get-Service -Name WinDefend | Where Status -ne 'Running' },
{ Get-ChildItem 'C:\Temp' -Recurse -File | Where {$_.LastWriteTime -gt (Get-Date).AddDays(-1)} },
{ Get-LocalUser | Where PasswordNeverExpires -eq $true }
)
}

foreach ($check in $checks) {
try {
$result = & $check
if ($result) {
$healthReport.Findings += [PSCustomObject]@{
CheckName = $check.ToString().Split('{')[1].Trim()
Status = 'NonCompliant'
Details = $result | ConvertTo-Json -Compress
}
$healthReport.SecurityScore -= 10
$healthReport.Compliance = $false
}
}
catch {
Write-Warning "检查项执行失败: $_"
}
}

$healthReport | Export-Clixml -Path "$env:TEMP\DeviceHealthReport_$(Get-Date -Format yyyyMMdd).xml"
return $healthReport
}

核心功能

  1. 多层级设备健康扫描(基础/完整模式)
  2. 实时安全态势评分机制
  3. 自动化合规性验证
  4. XML格式审计报告生成

典型应用场景

  • 企业设备入网前合规检查
  • 零信任架构下的持续设备验证
  • 远程办公终端安全审计
  • 安全基线的快速验证

PowerShell 技能连载 - 软件供应链安全自动化审计

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
function Invoke-SupplyChainScan {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[string]$ScanPath,

[ValidateSet('Critical','High','Medium','Low')]
[string]$SeverityLevel = 'Critical'
)

$report = [PSCustomObject]@{
Timestamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
ScannedComponents = @()
SecurityFindings = @()
}

# 组件哈希校验与签名验证
Get-ChildItem $ScanPath -Recurse -Include *.dll,*.exe,*.psm1 | ForEach-Object {
$fileHash = (Get-FileHash $_.FullName -Algorithm SHA256).Hash
$signature = Get-AuthenticodeSignature $_.FullName

$component = [PSCustomObject]@{
FileName = $_.Name
FilePath = $_.FullName
SHA256 = $fileHash
IsSigned = $signature.Status -eq 'Valid'
Publisher = $signature.SignerCertificate.Subject
}
$report.ScannedComponents += $component

if (-not $component.IsSigned) {
$report.SecurityFindings += [PSCustomObject]@{
Severity = 'High'
Description = "未签名的组件: $($_.Name)"
Recommendation = "要求供应商提供数字签名版本或验证组件来源"
}
}
}

# 依赖包漏洞扫描
$nugetPackages = Get-ChildItem $ScanPath -Recurse -Include packages.config
$nugetPackages | ForEach-Object {
[xml]$config = Get-Content $_.FullName
$config.packages.package | ForEach-Object {
$cveData = Invoke-RestMethod "https://api.cvecheck.org/v1/search?id=$($_.id)"
if ($cveData.vulnerabilities | Where-Object { $_.severity -ge $SeverityLevel }) {
$report.SecurityFindings += [PSCustomObject]@{
Severity = $SeverityLevel
Description = "存在漏洞的依赖包: $($_.id) v$($_.version)"
Recommendation = "升级到最新安全版本 $($cveData.latestVersion)"
}
}
}
}

$report | Export-Csv -Path "$ScanPath\SupplyChainReport_$(Get-Date -Format yyyyMMdd).csv" -NoTypeInformation
return $report
}

核心功能

  1. 软件组件哈希指纹校验
  2. 数字签名自动验证
  3. NuGet依赖包漏洞扫描
  4. CVE数据库集成查询

典型应用场景

  • 开发环境第三方组件安全检查
  • CI/CD流水线安全卡点
  • 供应商交付物合规验证
  • 企业软件资产安全基线报告