Lucene search
K

AKIF Orientierungshilfe Windows 10: Ueberpruefungen

🗓️ 10 Feb 2017 00:00:00Reported by Copyright (C) 2017 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 81 Views

AKIF Orientierungshilfe Windows 10: Ueberpruefungen routin

Refs
Code
# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.108078");
  script_version("2025-02-04T05:37:53+0000");
  script_tag(name:"last_modification", value:"2025-02-04 05:37:53 +0000 (Tue, 04 Feb 2025)");
  script_tag(name:"creation_date", value:"2017-02-10 10:55:08 +0100 (Fri, 10 Feb 2017)");
  script_tag(name:"cvss_base", value:"0.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
  script_name("AKIF Orientierungshilfe Windows 10: Ueberpruefungen");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("Policy");
  script_dependencies("smb_reg_service_pack.nasl", "lsc_options.nasl");
  script_mandatory_keys("SMB/WindowsName");
  script_require_ports(139, 445);

  script_xref(name:"URL", value:"https://www.it-sicherheit.mpg.de/Orientierungshilfe_Windows10.pdf");

  script_tag(name:"summary", value:"Diese Routine folgt der 'Orientierungshilfe zur datenarmen
  Konfiguration von Windows 10' des Arbeitskreis Informationssicherheit der deutschen
  Forschungseinrichtungen (AKIF) und ueberprueft das Host-System auf dessen Empfehlungen.");

  script_add_preference(name:"Orientierungshilfe Windows 10 Policies", type:"file", value:"", id:1);

  script_tag(name:"qod", value:"98");

  exit(0);
}

include("smb_nt.inc");
include("win_cmd_func.inc");

if( get_kb_item( "win/lsc/disable_win_cmd_exec" ) ) {
  win_cmd_exec_disabled = TRUE;
}

function check_policy( check_desc, check_num, check_type, reg_key, reg_name, reg_type, reg_value, service_name, startup_type, wmi_username, wmi_password ) {

  local_var check_desc, check_num, check_type, reg_key, reg_name, reg_type, reg_value, service_name;
  local_var startup_type, response, current_value, text_response, serQueryRes, cmd, extra;
  local_var wmi_username, wmi_password;

  if( "Registry" >< check_type ) {

    text_response = check_desc + '||' + check_num + '||' + check_type + '||' + reg_key + '||' + reg_name + '||' + reg_type + '||' + reg_value + '||';

    if( reg_key == "./." ) {
      return make_list( "unimplemented", text_response + 'Ueberpruefungs-Details in Policy Datei fehlen.\n');
    }

    if( "HKCU\" >< reg_key ) {
      reg_key = str_replace( string:reg_key, find:"HKCU\", replace:"", count:1 );
      type = "HKCU";
    } else if( "HKLM\" >< reg_key ) {
      reg_key = str_replace( string:reg_key, find:"HKLM\", replace:"", count:1 );
      type = "HKLM";
    } else {
      return make_list( "error", text_response + '(fehlerhafte "Reg-Key" Details in Policy Datei).\n' );
    }

    if( ! registry_key_exists( key:reg_key, type:type ) ) {
      return make_list( "failed", text_response + 'Registry-Key nicht vorhanden.\n' );
    }

    if( "DWORD" >< reg_type ) {
      current_value = registry_get_dword( key:reg_key, item:reg_name, type:type );
    } else if( "STRING" >< reg_type ) {
      current_value = registry_get_sz( key:reg_key, item:reg_name, type:type );
    } else {
      return make_list( "error", text_response + 'Ueberpruefung fehlgeschlagen (fehlerhafte "Reg-Type" Details in Policy Datei).\n' );
    }

    if( isnull( current_value ) ) {
      return make_list( "failed", text_response + 'Registry-Name nicht vorhanden.\n' );
    } else if( current_value == reg_value ) {
      return make_list( "passed", text_response + current_value + '\n' );
    } else if( current_value != reg_value ) {
      return make_list( "failed", text_response + current_value + '\n' );
    } else {
      return make_list( "error", text_response + 'Ueberpruefung fehlgeschlagen.\n' );
    }
  } else if( "Service" >< check_type ) {

    text_response = check_desc + '||' + check_num + '||' + check_type + '||' + service_name + '||' + startup_type + '||';

    if( defined_func( "win_cmd_exec" ) ) {

      if( win_cmd_exec_disabled ) {
        return make_list( "error", text_response + 'Ueberpruefung fehlgeschlagen. Die Verwendung der benoetigten win_cmd_exec Funktion wurde in "Options for Local Security Checks (OID: 1.3.6.1.4.1.25623.1.0.100509)" manuell deaktiviert.\n' );
      }

      cmd = "cmd /c sc qc " + service_name;
      serQueryRes = win_run_cmd( cmd:cmd );

      #START_TYPE         : 2   AUTO_START
      #START_TYPE         : 2   AUTO_START  (DELAYED)
      #START_TYPE         : 3   DEMAND_START
      #START_TYPE         : 4   DISABLED
      if( "START_TYPE" >< serQueryRes ) {
        if( toupper( startup_type ) >< serQueryRes ) {
          return make_list( "passed", text_response + 'Disabled\n' );
        } else if( "AUTO_START" >< serQueryRes && "DELAYED" >< serQueryRes ) {
          return make_list( "failed", text_response + 'Automatic (Delayed Start)\n' );
        } else if( "AUTO_START" >< serQueryRes ) {
          return make_list( "failed", text_response + 'Automatic\n' );
        } else if( "DEMAND_START" >< serQueryRes ) {
          return make_list( "failed", text_response + 'Manual\n' );
        } else {
          if( serQueryRes ) extra = ' Fehlermeldung: ' + chomp( serQueryRes ) + '.';
          return make_list( "error", text_response + 'Ueberpruefung fehlgeschlagen.' + extra + '\n' );
        }
      } else if( "Access is denied" >< serQueryRes ) {
        return make_list( "error", text_response + 'Ueberpruefung fehlgeschlagen. Der Zugriff wurde verweigert.\n' );
      } else if( "The specified service does not exist as an installed service." >< serQueryRes ) {
        return make_list( "error", text_response + 'Ueberpruefung fehlgeschlagen. Der Service existiert nicht.\n' );
      } else {
        if( serQueryRes ) extra = ' Fehlermeldung: ' + chomp( serQueryRes ) + '.';
        return make_list( "error", text_response + 'Ueberpruefung fehlgeschlagen.' + extra + '\n' );
      }
    } else {
      return make_list( "error", text_response + 'Ueberpruefung fehlgeschlagen (keine WMI Unterstuetzung vorhanden).\n' );
    }
  } else {
    if( reg_key ) {
      text_response = check_desc + '||' + check_num + '||' + check_type + '||' + reg_key + '||' + reg_name + '||' + reg_type + '||' + reg_value + '||';
    } else {
      text_response = check_desc + '||' + check_num + '||' + check_type + '||' + service_name + '||' + startup_type + '||';
    }
    return make_list( "error", text_response + 'Ueberpruefung fehlgeschlagen (fehlerhafte "Ueberpruefung" Details in Policy Datei).\n' );
  }
}

if( ! windows_name = get_kb_item( "SMB/WindowsName" ) ) exit( 0 );

policy_file = script_get_preference_file_content( "Orientierungshilfe Windows 10 Policies" );
if( ! policy_file ) exit( 0 );

policy_lines = split( policy_file, keep:FALSE );

max = max_index( policy_lines );

if( max < 5 ) {
  set_kb_item( name:"policy/orientierungshilfe_win10/error",
               value:"Die Orientierungshilfe Windows 10 Policy Datei ist leer. Es koennen keine Ueberpruefungen durchgefuehrt werden." );
  exit( 0 );
}

if( "Windows 10" >!< windows_name ) {
  set_kb_item( name:"policy/orientierungshilfe_win10/error",
               value:"Es konnte kein Windows 10 erkannt werden (erkanntes OS: " + windows_name + "). Es koennen keine Ueberpruefungen durchgefuehrt werden." );
  exit( 0 );
}

# nb: Windows 10 LTSB (Long Term Servicing Branch) does not have Cortana, Microsoft Edge or Windows Store installed. Thus some registry entries do not have to be set or may vary (IE instead of Edge for example)
if( "LTSB" >< windows_name ) {
  ltsb_version = TRUE;
}

# Login for the win_cmd_exec in check_policy()
wmi_username = kb_smb_login();
wmi_password = kb_smb_password();
wmi_domain = kb_smb_domain();

# We have SMB/WindowsName when reaching this part so a login was possible
# Still exit if something went wrong / is missing
if( ! wmi_username && ! wmi_password ) exit( 0 );
if( wmi_domain ) wmi_username = wmi_domain + "/" + wmi_username;

for( i = 0 ; i < max; i++ ) {

  if( policy_lines[i] == "" ) continue;

  entry = split( policy_lines[i], sep:":", keep:FALSE );
  if( entry[0] == "Beschreibung" ) {
    check_desc = entry[1];
  } else if( entry[0] == "Nummerierung" ) {
    check_num = entry[1];
  } else if( entry[0] == "Ueberpruefung" ) {
    check_type = entry[1];
  } else if( entry[0] == "Reg-Key" ) {
    reg_key = entry[1];
  } else if( entry[0] == "Reg-Name" ) {
    reg_name = entry[1];
  } else if( entry[0] == "Reg-Type" ) {
    reg_type = entry[1];
  } else if( entry[0] == "Reg-Value" ) {
    reg_value = entry[1];
  } else if( entry[0] == "Service-Name" ) {
    service_name = entry[1];
  } else if( entry[0] == "Startup-Type" ) {
    startup_type = entry[1];
  } else if( entry[0] == "Servicing-Branch" ) {
    servicing_branch = entry[1];
  }

  if( ( i == max - 1 ) || ( policy_lines[ i + 1 ] == "" ) ) {
    # there are (at least) two types if servicing branches: LTSB and CB (Current Branch). each registry-entry has a flag LTSB and / or CB
    if( ( ltsb_version && "LTSB" >< servicing_branch ) || ( ! ltsb_version && "CB" >< servicing_branch ) || ( ! servicing_branch ) ) {
      status = check_policy( check_desc:check_desc, check_num:check_num, check_type:check_type, reg_key:reg_key,
                             reg_name:reg_name, reg_type:reg_type, reg_value:reg_value, service_name:service_name,
                             startup_type:startup_type, wmi_username:wmi_username, wmi_password:wmi_password );
      if( status[0] == "passed" ) {
        policy_pass += status[1] + "#-#";
      } else if( status[0] == "failed" ) {
        policy_fail += status[1] + "#-#";
      } else if( status[0] == "unimplemented" ) {
        policy_error += status[1] + "#-#";
      } else if( status[0] == "error" ) {
        policy_error += status[1] + "#-#";
      }
    }

    # Reset previous declared variables in the loop
    check_desc = NULL; check_num = NULL; check_type = NULL; reg_key = NULL; reg_name = NULL; reg_type = NULL; reg_value = NULL; service_name = NULL; startup_type = NULL; servicing_branch = NULL;
  }
}

if( policy_pass )
  set_kb_item( name:"policy/orientierungshilfe_win10/passed", value:policy_pass );
if( policy_fail )
  set_kb_item( name:"policy/orientierungshilfe_win10/failed", value:policy_fail );
if( policy_error )
  set_kb_item( name:"policy/orientierungshilfe_win10/error", value:policy_error );

exit( 0 );

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2025 00:00Current
7.3High risk
Vulners AI Score7.3
81