发布v1.1
DeEpinGh0st committed Jan 15, 2024
1 parent fb55707 commit 2c8ca80
Showing 12 changed files with 375 additions and 198 deletions.
228 changes: 130 additions & 98 deletions Main.Designer.cs

Large diffs are not rendered by default.

39 changes: 32 additions & 7 deletions Main.cs
Expand Up @@ -71,15 +71,18 @@ private void CheckBtn_Click(object sender, EventArgs e)
BaselineList.Rows[index].Cells[0].Value = xmlNode["name"].InnerText;
BaselineList.Rows[index].Cells[1].Value = xmlNode["description"].InnerText;
BaselineList.Rows[index].Cells[4].Value = xmlNode["standard"].InnerText;
BaselineList.Rows[index].Cells[8].Value = "string";
if (Util.ContainsElement(xmlNode, "valuetype"))
{
BaselineList.Rows[index].Cells[8].Value = xmlNode["valuetype"].InnerText;
}
string queryType = xmlNode["type"].InnerText;
string reality = string.Empty, section = string.Empty, warning = string.Empty;
//string warning = string.Empty;
string standard = xmlNode["standard"].InnerText;
switch (queryType)
{
case "secedit":
BaselineList.Rows[index].Cells[2].Value = "-";
BaselineList.Rows[index].Cells[3].Value = "-";
string mark = xmlNode["mark"].InnerText;
(section, reality) = Util.GetResultByMark(mark);
BaselineList.Rows[index].Cells[2].Value = section;
Expand All @@ -95,22 +98,33 @@ private void CheckBtn_Click(object sender, EventArgs e)
default:
break;
}
string dataType = xmlNode["dtype"].InnerText;
if (Util.ContainsElement(xmlNode, "warning"))
string assessment = xmlNode["assessment"].InnerText;
if (Util.ContainsElement(xmlNode, "manual"))
{
BaselineList.Rows[index].Cells[6].Value = "手动加固";
BaselineList.Rows[index].Cells[7].ReadOnly = true;
BaselineList.Rows[index].Cells[6].Style.ForeColor = Color.Orange;
BaselineList.Rows[index].Cells[7].Style.BackColor = Color.Orange;
BaselineList.Rows[index].Cells[7].ToolTipText = "该项不支持自动加固";
passCount++;
continue;
}
if (Util.ContainsElement(xmlNode, "ignore"))
{
BaselineList.Rows[index].Cells[6].Value = "已忽略";
BaselineList.Rows[index].Cells[7].ReadOnly = true;
BaselineList.Rows[index].Cells[6].Style.ForeColor = UIColor.LayuiBlue;
BaselineList.Rows[index].Cells[7].Style.BackColor = UIColor.LayuiBlue;
BaselineList.Rows[index].Cells[7].ToolTipText = "该项配置为忽略";
passCount++;
continue;
}
BaselineList.Rows[index].Cells[6].Value = "不符合";
if (reality.Equals("未设置"))
{
continue;
}
switch (dataType)
switch (assessment)
{
case "fixed"://注:固定值为不符合
if (!reality.Equals(standard))
Expand Down Expand Up @@ -228,13 +242,14 @@ private void FortifyBtn_Click(object sender, EventArgs e)
{
continue;
}
string fortifyItem, fortifyField, fortifyValue = string.Empty;
string fortifyItem, fortifyField, fortifyValue, fortifyValueType = string.Empty;
fortifyItem = dataGridViewRow.Cells["ItemColumn"].Value.ToString();
fortifyField = dataGridViewRow.Cells["FieldColumn"].Value.ToString();
fortifyValue = dataGridViewRow.Cells["StandardColumn"].Value.ToString();
fortifyValueType = dataGridViewRow.Cells["ValueTypeColumn"].Value.ToString();
if (fortifyItem.Contains("HKEY"))
{
RegistryHelper.SaveValue(fortifyItem, fortifyField, fortifyValue);
RegistryHelper.SaveValue(fortifyItem, fortifyField, fortifyValue, fortifyValueType);
fortifyCount++;
continue;
}
Expand Down Expand Up @@ -331,5 +346,15 @@ private void RepoLinkLabel_Click(object sender, EventArgs e)
{
Process.Start("https://github.com/DeEpinGh0st/WindowsBaselineAssistant");
}

private void showValueTypeuiCheckBox_CheckedChanged(object sender, EventArgs e)
{
if (!showValueTypeuiCheckBox.Checked)
{
BaselineList.Columns[8].Visible = false;
return;
}
BaselineList.Columns[8].Visible = true;
}
}
}
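Review bot: In CheckBtn_Click the new `manual` and `ignore` branches run `passCount++` before `continue`, so rules that were never evaluated are added to what looks like the pass total, and the summary can overstate how much of the baseline the host meets. I would count them separately (for example `manualCount++` / `ignoredCount++`) and report them next to the pass figure rather than inside it. `xmlNode["assessment"].InnerText` is also read without a `Util.ContainsElement(xmlNode, "assessment")` check, so a rules file still using the old `<dtype>` element would hit a null reference here. Both methods start and end outside the hunks shown, so how `passCount` is displayed is inferred from its name.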
3 changes: 3 additions & 0 deletions Main.resx
Expand Up @@ -144,6 +144,9 @@
<metadata name="FortifyColumn.UserAddedColumn" type="System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</metadata>
<metadata name="ValueTypeColumn.UserAddedColumn" type="System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<value>True</value>
</metadata>
<assembly alias="System.Drawing" name="System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<data name="$this.Icon" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
<value>
4 changes: 2 additions & 2 deletions Properties/AssemblyInfo.cs
Expand Up @@ -28,5 +28,5 @@
// 生成号
// 修订号
//
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
[assembly: AssemblyVersion("1.1.0.0")]
[assembly: AssemblyFileVersion("1.1.0.0")]
73 changes: 56 additions & 17 deletions README.md
Expand Up @@ -6,7 +6,7 @@ WindowsBaselineAssistant(WBA)是一个用于检测和加固Windows安全基线

## 截图

![UIMain](/assets/image-20240109220715021.png)
![UIMain](./assets/image-20240115155426706.png)


## 工具运行要求
Expand All @@ -30,13 +30,14 @@ WBA的所有规则位于`item.xml`文件中,其中检测规则分为`registry`

```xml
<item>
<name>检查是否已启用并正确配置ICMP攻击保护</name>
<description>配置ICMP攻击保护预防ICMP攻击,防止DOS攻击导致服务器停止响应与奔溃</description>
<name>检查源路由配置</name>
<description>源路由攻击有源地址欺骗、IP欺骗等,为了提高系统的可靠性,需要检查是否启用正确配置源路由攻击保护.</description>
<type>registry</type>
<registry>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters</registry>
<regitem>EnableICMPRedirect</regitem>
<standard>0</standard>
<dtype>enum</dtype>
<registry>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters</registry>
<regitem>DisableIPSourceRouting</regitem>
<standard>2</standard>
<assessment>enum</assessment>
<valuetype>dword</valuetype>
</item>
```
| 名称 | 解释 |
Expand All @@ -47,7 +48,8 @@ WBA的所有规则位于`item.xml`文件中,其中检测规则分为`registry`
| registry | 检测项的注册表路径 |
| regitem | 检测的注册表项 |
| standard | 标准值 |
| dtype | 判定规则(见: 判定规则) |
| assessment | 判定规则(见: 判定规则) |
| valuetype | 注册表数据类型(见: 数据类型) |


**secedit(读取config.cfg信息)**
Expand All @@ -58,7 +60,7 @@ WBA的所有规则位于`item.xml`文件中,其中检测规则分为`registry`
<type>secedit</type>
<mark>MaximumPasswordAge</mark>
<standard>90</standard>
<dtype>greaternumber</dtype>
<assessment>greaternumber</assessment>
</item>
```
| 名称 | 解释 |
Expand All @@ -68,7 +70,29 @@ WBA的所有规则位于`item.xml`文件中,其中检测规则分为`registry`
| type | 同上 |
| mark | secedit文件中的键 |
| standard | 同上 |
| dtype | 同上 |
| assessment | 同上 |

**附加标识**

manual: 用于标识检测项需要手动进行加固

```xml
<item>
<manual>1<manual>
</item>
```

![image-20240115160311962](./assets/image-20240115160311962.png)

ignore: 用于标识检测项为已忽略

```xml
<item>
<ignore>1<ignore>
</item>
```

![image-20240115160420571](./assets/image-20240115160420571.png)

**判定规则**

Expand All @@ -81,14 +105,28 @@ WBA的所有规则位于`item.xml`文件中,其中检测规则分为`registry`
| array | 检测项的标准值是一个数组(多行) | 相同: 符合 反之: 不符合 |
| equals | 检测项的标准值等于检测值 | 相同: 符合 反之: 不符合 |

**数据类型**

| 注册表类型 | 工具映射类型 | 类型解释 |
| ------------ | ------------ | ---------------------------------------------- |
| String | string | 字符串类型 |
| ExpandString | expandstring | 可扩展字符串类型的注册表值,通常包含了环境变量 |
| Binary | 暂不支持 | 二进制数据类型 |
| DWord | dword | 32位整数类型 |
| QWord | qword | 64位整数类型 |
| MultiString | multistring | 多行字符串类型 |
| Unknown | 默认 | 未知类型 |
| None | 暂不支持 | 没有特定类型 |

****

如现在要检测`重新传输的TCP连接阈值`
检测类型为`检索注册表`
检索的注册表路径为`HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters`
检测项为`TcpMaxHalfOpenRetried`
标准值为`400`
检测值要小于此值时`判定符合`
如现在要检测`重新传输的TCP连接阈值`
检测类型为`检索注册表 `
检索的注册表路径为`HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters`
检测项为`TcpMaxHalfOpenRetried`
标准值为`400`
数据类型为`DWord`
检测值要小于此值时`判定符合`

```xml
<item>
Expand All @@ -98,7 +136,8 @@ WBA的所有规则位于`item.xml`文件中,其中检测规则分为`registry`
<registry>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters</registry>
<regitem>TcpMaxHalfOpenRetried</regitem>
<standard>400</standard>
<dtype>lessnumber</dtype>
<assessment>lessnumber</assessment>
<valuetype>dword</valuetype>
</item>
```

55 changes: 47 additions & 8 deletions RegistryHelper.cs
Expand Up @@ -23,9 +23,9 @@ private static string ArrayToString(string[] strings)
string result = string.Empty;
foreach (var item in strings)
{
result = result + item + "\r\n";
result = result + item + ",";
}
return result;
return result.Substring(0, result.Length - 1);
}

private static (RegistryKey, string) FormatBaseKey(string fullSoftwareKey)
Expand Down Expand Up @@ -106,17 +106,22 @@ public static string GetValue(RegistryKey registryKey, string softwareKey, strin
public static void SaveValue(string softwareKey, string key, string value)
{
(RegistryKey registryKey, string subKey) = FormatBaseKey(softwareKey);
//return GetValue(registryKey, subKey, key);
SaveValue(registryKey, subKey, key, value);
SaveValue(registryKey, subKey, key, value, "String");
}


public static void SaveValue(string softwareKey, string key, string value, string kind)
{
(RegistryKey registryKey, string subKey) = FormatBaseKey(softwareKey);
SaveValue(registryKey, subKey, key, value, kind);
}
/// <summary>
/// Saves the key and the value to registry.
/// </summary>
/// <param name="key">registry key</param>
/// <param name="value">the value of the key</param>
/// <returns>Returns true if successful, otherwise return false.</returns>
public static void SaveValue(RegistryKey registryKey, string softwareKey, string key, string value)
public static void SaveValue(RegistryKey registryKey, string softwareKey, string key, string value, string kind)
{
try
{
Expand All @@ -136,13 +141,47 @@ public static void SaveValue(RegistryKey registryKey, string softwareKey, string
{
reg = registryKey.CreateSubKey(softwareKey);
}
reg.SetValue(key, value);
//return true;
(RegistryValueKind valueType, object valueReality) = GetValueKind(kind, value);
reg.SetValue(key, valueReality, valueType);
}
catch (Exception)
{
throw;
//return false;
}
}

/// <summary>
/// 获取配置文件检测项数据类型
/// </summary>
/// <param name="kind">检测项类型</param>
/// <param name="valueType">转换后的注册表数据类型</param>
/// <returns></returns>
private static (RegistryValueKind, object) GetValueKind(string kind, string value)
{
RegistryValueKind valueType;
switch (kind)
{
case "string":
valueType = RegistryValueKind.String;
return (valueType, value);
case "expandstring":
valueType = RegistryValueKind.ExpandString;
return (valueType, value);
/*case "Binary":
valueType = RegistryValueKind.Binary;
break;*/
case "dword":
valueType = RegistryValueKind.DWord;
return (valueType, value);
case "qword":
valueType = RegistryValueKind.QWord;
return (valueType, value);
case "multistring":
valueType = RegistryValueKind.MultiString;
return (valueType, value.Split(','));
default:
valueType = RegistryValueKind.String;
return (valueType, value);
}
}
#endregion
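Review bot: `GetValueKind` maps any unrecognised `kind` to `RegistryValueKind.String` in its `default` branch and matches case-sensitively, so a rule that writes `DWord` (the spelling in the README's type table) or a typo in `<valuetype>` would store the hardening value as REG_SZ without any error, and the caller in Main.cs would still count it as applied. The three-argument `SaveValue` passing `"String"` only works because of that same fallback. I would normalise with `switch ((kind ?? "string").Trim().ToLowerInvariant())` and change the default to `throw new ArgumentException("Unsupported valuetype: " + kind, nameof(kind));` so a bad rule fails visibly instead of writing the wrong type. Separately, `ArrayToString` now ends with `result.Substring(0, result.Length - 1)`, which throws when the array is empty (an empty REG_MULTI_SZ); `return string.Join(",", strings);` avoids that.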
4 changes: 2 additions & 2 deletions Report.cs
Expand Up @@ -93,7 +93,7 @@ public static void WriteDataGridViewToExcel(DataGridView dataGridView, ISheet sh
ICellStyle cellStyle = sheet.Workbook.CreateCellStyle();
// 写入表头
IRow headerRow = sheet.CreateRow(1);
for (int i = 0; i < dataGridView.Columns.Count - 1; i++) // 不输出最后一列数据
for (int i = 0; i < dataGridView.Columns.Count - 2; i++) // 不输出最后两列数据
{
ICell cell = headerRow.CreateCell(i);
cell.SetCellValue(dataGridView.Columns[i].HeaderText);
Expand All @@ -105,7 +105,7 @@ public static void WriteDataGridViewToExcel(DataGridView dataGridView, ISheet sh
DataGridViewRow dataGridViewRow = dataGridView.Rows[i];
IRow excelRow = sheet.CreateRow(i + 2);

for (int j = 0; j < dataGridViewRow.Cells.Count - 1; j++) // 不输出最后一列数据
for (int j = 0; j < dataGridViewRow.Cells.Count - 2; j++) // 不输出最后两列数据
{
DataGridViewCell dataGridViewCell = dataGridViewRow.Cells[j];
ICell cell = excelRow.CreateCell(j);
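Review bot: The `Columns.Count - 2` and `Cells.Count - 2` bounds in WriteDataGridViewToExcel rely on the two non-exported columns being the last two by index, so the next added or reordered column would silently either put a UI-only column into the report or drop a result column from it. Deriving the bound from the column itself would be sturdier, e.g. `int exportCount = dataGridView.Columns["FortifyColumn"].Index;` used in both loops, assuming FortifyColumn is the first of the two excluded columns. The same applies to the second hunk, and the method body continues outside both hunks.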
7 changes: 3 additions & 4 deletions WindowsBaselineAssistant.csproj
Expand Up @@ -12,6 +12,7 @@
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<TargetFrameworkProfile />
<IsWebBootstrapper>false</IsWebBootstrapper>
<PublishUrl>publish\</PublishUrl>
<Install>true</Install>
<InstallFrom>Disk</InstallFrom>
Expand All @@ -24,14 +25,13 @@
<MapFileExtensions>true</MapFileExtensions>
<ApplicationRevision>0</ApplicationRevision>
<ApplicationVersion>1.0.0.%2a</ApplicationVersion>
<IsWebBootstrapper>false</IsWebBootstrapper>
<UseApplicationTrust>false</UseApplicationTrust>
<BootstrapperEnabled>true</BootstrapperEnabled>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<DebugSymbols>false</DebugSymbols>
<DebugType>none</DebugType>
<DebugSymbols>true</DebugSymbols>
<DebugType>pdbonly</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
Expand Down Expand Up @@ -143,7 +143,6 @@
<None Include="Resources\file_type_registry_icon_130200.png" />
</ItemGroup>
<ItemGroup>
<Content Include="1486051850-windowssocialnetworkbrandlogo_79070.ico" />
<Content Include="logo.ico" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
Binary file added assets/image-20240115155426706.png
Binary file added assets/image-20240115160311962.png
Binary file added assets/image-20240115160420571.png