mysql等保测评命令_安全计算环境-二级等级保护测评指导和自动化脚本...

mysql等保测评命令_安全计算环境-二级等级保护测评指导和自动化脚本...

2023年7月26日发(作者:)

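@echo off
setlocal
rem ---------------------------------------------------------------------------
rem Windows host collection script for an MLPS ("dengbao") level-2
rem "secure computing environment" assessment.
rem
rem Collects, read-only: system info, NIC config, listening ports, services,
rem processes, HKLM\SOFTWARE key names, exported local security policy values,
rem local users/groups, and selected registry settings and shares.
rem
rem Notes for whoever runs or reviews this:
rem  * The page this came from had lost its line breaks, every backslash and
rem    several file names. Line breaks and registry-path backslashes are
rem    restored here; lost file names are replaced by values marked PLACEHOLDER.
rem  * Look-alike CJK radical code points left by the page extraction were
rem    replaced with the ordinary ideographs in the echo strings.
rem  * "默认" and "命令成功完成。" are compared with localized command output, so the
rem    file presumably has to be saved in the console code page of a Simplified
rem    Chinese Windows install - confirm before use.
rem  * secedit /export and reg save normally need an elevated prompt.
rem  * The report is a full inventory of the host (accounts, policy, shares,
rem    open ports). Keep the output directory access-restricted, move it off
rem    the host over a protected channel and delete it after the assessment.
rem ---------------------------------------------------------------------------

rem Pick the interface address of the default route (4th column of the
rem 0.0.0.0/0.0.0.0 row); the persistent-route row carries "默认" there instead.
set "IPaddress="
for /f "tokens=4" %%a in ('route print^|findstr 0.0.0.0.*0.0.0.0') do (if not "%%a" == "默认" set "IPaddress=%%a")

rem Without an address every later path would be empty, so stop here.
if not defined IPaddress (
  echo [ERROR] No default-route interface address found; nothing collected.
  pause
  exit /b 1
)

rem PLACEHOLDER names: the original report and policy-export file names were
rem lost on the page. Adjust to the names your assessment procedure expects.
set "REPORT=%IPaddress%.txt"
set "SECPOL=C:\SECPOL_EXPORT_PLACEHOLDER.inf"
rem PLACEHOLDER path: the source of the copied update log was lost on the page.
set "UPDATE_LOG=C:\UPDATE_LOG_PATH_PLACEHOLDER"

cd /d C:\
if not exist "%IPaddress%" md "%IPaddress%"
cd "%IPaddress%"

echo 1.系统信息(CreatedbyG) > "%REPORT%"
systeminfo >> "%REPORT%"

echo 2.网卡信息(CreatedbyG) >> "%REPORT%"
ipconfig >> "%REPORT%"

echo 3.监听端口(CreatedbyG) >> "%REPORT%"
netstat -an | find "LISTENING" >> "%REPORT%"

echo 4.系统服务(CreatedbyG) >> "%REPORT%"
net start >> "%REPORT%"

echo 5.系统进程(CreatedbyG) >> "%REPORT%"
tasklist >> "%REPORT%"

rem Software list: third "\"-separated field of each HKLM\SOFTWARE subkey is the
rem vendor key, fourth field of its children is the product key. The subkey is
rem quoted so vendor names containing spaces are still queried.
echo 6.软件列表(CreatedbyG) >> "%REPORT%"
for /f "tokens=3 delims=\" %%i in ('reg query HKLM\SOFTWARE') do (
  >> "%REPORT%" echo ******************
  >> "%REPORT%" echo 软件名称:%%i
  >> "%REPORT%" echo ******************
  if not "%%i"=="Classes" for /f "tokens=4 delims=\" %%j in ('reg query "HKLM\SOFTWARE\%%i" 2^>nul') do (
    >> "%REPORT%" echo 软件信息: %%j
  )
)

rem Local security policy: export once, grep the values, delete the export.
echo 7.本地策略(CreatedbyG) >> "%REPORT%"
secedit /export /cfg "%SECPOL%"

echo ---密码策略--- >> "%REPORT%"
echo "0表示禁用,1表示启用" >> "%REPORT%"
echo *密码必须符合复杂性要求* >> "%REPORT%"
find "PasswordComplexity" "%SECPOL%" | find "PasswordComplexity = " >> "%REPORT%"
echo *密码长度最小值* >> "%REPORT%"
find "MinimumPasswordLength" "%SECPOL%" | find "MinimumPasswordLength = " >> "%REPORT%"
echo *密码最短使用期限* >> "%REPORT%"
find "MinimumPasswordAge" "%SECPOL%" | find "MinimumPasswordAge = " >> "%REPORT%"
echo *密码最长使用期限* >> "%REPORT%"
find "MaximumPasswordAge" "%SECPOL%" | find "MaximumPasswordAge = " >> "%REPORT%"
echo *强制密码历史* >> "%REPORT%"
find "PasswordHistorySize" "%SECPOL%" | find "PasswordHistorySize = " >> "%REPORT%"
echo *用可还原的加密来存储密码* >> "%REPORT%"
find "ClearTextPassword" "%SECPOL%" | find "ClearTextPassword = " >> "%REPORT%"

echo ---账户锁定策略(无结果表示未开启)--- >> "%REPORT%"
echo *账户锁定时间* >> "%REPORT%"
find "LockoutDuration" "%SECPOL%" | find "LockoutDuration" >> "%REPORT%"
echo *复位账户锁定计时器* >> "%REPORT%"
find "ResetLockoutCount" "%SECPOL%" | find "ResetLockoutCount" >> "%REPORT%"
echo *账户锁定阈值* >> "%REPORT%"
find "LockoutBadCount" "%SECPOL%" | find "LockoutBadCount" >> "%REPORT%"

echo ---审核策略--- >> "%REPORT%"
echo ---0表示无审核,1表示成功审核,2表示失败审核,3表示成功和失败审核--- >> "%REPORT%"
echo *审核帐户管理* >> "%REPORT%"
find "AuditAccountManage" "%SECPOL%" | find "AuditAccountManage" >> "%REPORT%"
echo *审核帐户登录事件* >> "%REPORT%"
find "AuditAccountLogon" "%SECPOL%" | find "AuditAccountLogon" >> "%REPORT%"
echo *审核系统事件* >> "%REPORT%"
find "AuditSystemEvents" "%SECPOL%" | find "AuditSystemEvents" >> "%REPORT%"
echo *审核目录服务访问* >> "%REPORT%"
find "AuditDSAccess" "%SECPOL%" | find "AuditDSAccess" >> "%REPORT%"
echo *审核过程跟踪* >> "%REPORT%"
find "AuditProcessTracking" "%SECPOL%" | find "AuditProcessTracking" >> "%REPORT%"
echo *审核特权使用* >> "%REPORT%"
find "AuditPrivilegeUse" "%SECPOL%" | find "AuditPrivilegeUse" >> "%REPORT%"
echo *审核对象访问* >> "%REPORT%"
find "AuditObjectAccess" "%SECPOL%" | find "AuditObjectAccess" >> "%REPORT%"
echo *审核登录事件* >> "%REPORT%"
find "AuditLogonEvents" "%SECPOL%" | find "AuditLogonEvents" >> "%REPORT%"
echo *审核策略更改* >> "%REPORT%"
find "AuditPolicyChange" "%SECPOL%" | find "AuditPolicyChange" >> "%REPORT%"

echo ---安全选项--- >> "%REPORT%"
echo *0表示已停用,1表示已启用* >> "%REPORT%"
echo *在挂起会话之前所需的空闲时间* >> "%REPORT%"
find "AutoDisconnect" "%SECPOL%" | find "AutoDisconnect" >> "%REPORT%"
echo *不显示上次登录的用户名* >> "%REPORT%"
find "DontDisplayLastUserName" "%SECPOL%" | find "DontDisplayLastUserName" >> "%REPORT%"
echo *关机前清理虚拟内存页面* >> "%REPORT%"
find "ClearPageFileAtShutdown" "%SECPOL%" | find "ClearPageFileAtShutdown" >> "%REPORT%"
echo *允许在未登录前关机* >> "%REPORT%"
find "ShutdownWithoutLogon" "%SECPOL%" | find "ShutdownWithoutLogon" >> "%REPORT%"

echo ---用户权利分配--- >> "%REPORT%"
echo (Everyone:*S-1-1-0 Administrators:*S-1-5-32-544 Users:*S-1-5-32-545 Power Users:*S-1-5-32-547 Backup Operators:*S-1-5-32-551) >> "%REPORT%"
echo *从远程系统强制关机* >> "%REPORT%"
find "SeRemoteShutdownPrivilege" "%SECPOL%" | find "SeRemoteShutdownPrivilege" >> "%REPORT%"
echo *取得文件或其他对象所有权* >> "%REPORT%"
find "SeTakeOwnershipPrivilege" "%SECPOL%" | find "SeTakeOwnershipPrivilege" >> "%REPORT%"
echo *从本地登录此计算机* >> "%REPORT%"
find "SeInteractiveLogonRight" "%SECPOL%" | find "SeInteractiveLogonRight" >> "%REPORT%"
echo *允许通过远程桌面服务登录* >> "%REPORT%"
find "SeRemoteInteractiveLogonRight" "%SECPOL%" | find "SeRemoteInteractiveLogonRight" >> "%REPORT%"
echo *调试程序* >> "%REPORT%"
find "SeDebugPrivilege" "%SECPOL%" | find "SeDebugPrivilege" >> "%REPORT%"
echo *更改系统时间* >> "%REPORT%"
find "SeSystemtimePrivilege" "%SECPOL%" | find "SeSystemtimePrivilege" >> "%REPORT%"
echo *管理审核和安全日志* >> "%REPORT%"
find "SeSecurityPrivilege" "%SECPOL%" | find "SeSecurityPrivilege" >> "%REPORT%"

rem The export lists the full local policy and privilege assignments; remove it.
del "%SECPOL%"

rem Accounts: the overview, then "net user <name>" per account. Names are split
rem on whitespace, so an account name containing a space is not queried correctly.
echo 8.系统用户(CreatedbyG) >> "%REPORT%"
net user >> "%REPORT%"
for /f "skip=4 delims=" %%a in ('net user^|findstr /vx "命令成功完成。"') do for %%i in (%%a) do net user "%%i" >> "%REPORT%"
net localgroup >> "%REPORT%"
net localgroup Administrators >> "%REPORT%"
net localgroup Guests >> "%REPORT%"

echo 9.其它选项(CreatedbyG) >> "%REPORT%"
echo *自动播放* (oxff为关闭全部自动播放,无结果则开启) >> "%REPORT%"
reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDriveTypeAutoRun | find "NoDriveTypeAutoRun" >> "%REPORT%"

rem HKEY_CURRENT_USER values describe only the account running the script.
echo ---屏幕保护程序--- >> "%REPORT%"
echo *是否开启屏保* (0关,1开) >> "%REPORT%"
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveActive | find "ScreenSaveActive" >> "%REPORT%"
echo *屏保时间*(单位秒) >> "%REPORT%"
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaveTimeOut | find "ScreenSaveTimeOut" >> "%REPORT%"
echo *屏保恢复时使用密码保护* (0否,1是) >> "%REPORT%"
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" /v ScreenSaverIsSecure | find "ScreenSaverIsSecure" >> "%REPORT%"

echo *防火墙状态*(1开,0关) >> "%REPORT%"
reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile /v EnableFirewall | find "EnableFirewall" >> "%REPORT%"
echo *远程桌面* (0开,1关) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections | find "fDenyTSConnections" >> "%REPORT%"
echo *3389端口* (d3d:3389) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber | find "PortNumber" >> "%REPORT%"
echo *远程协助* (0关(合规),1开) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Remote Assistance" /v fAllowToGetHelp | find "fAllowToGetHelp" >> "%REPORT%"

echo *日志文件大小* >> "%REPORT%"
echo *应用日志文件大小*(0x2800000以上为合规) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application" /v MaxSize | find "MaxSize" >> "%REPORT%"
echo *达到事件日志最大大小时*(不存在或0均合规) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application" /v Retention | find "Retention" >> "%REPORT%"
echo *安全日志文件大小*(0x2800000以上为合规) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security" /v MaxSize | find "MaxSize" >> "%REPORT%"
echo *达到事件日志最大大小时*(不存在或0均合规) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Security" /v Retention | find "Retention" >> "%REPORT%"
echo *系统日志文件大小*(0x2800000以上为合规) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System" /v MaxSize | find "MaxSize" >> "%REPORT%"
echo *达到事件日志最大大小时*(不存在或0均合规) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System" /v Retention | find "Retention" >> "%REPORT%"

echo *默认共享*(注册表 + net share查看) >> "%REPORT%"
echo *分区共享*(存在且为0,为合规) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareServer | find "AutoShareServer" >> "%REPORT%"
echo *ADMIN共享*(存在且为0,为合规) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters" /v AutoShareWks | find "AutoShareWks" >> "%REPORT%"
echo *IPC共享* (存在且为1,为合规) >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" /v restrictanonymous | find "restrictanonymous" >> "%REPORT%"
echo *共享列表* >> "%REPORT%"
reg query "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanserver\shares" >> "%REPORT%"
echo *默认共享* >> "%REPORT%"
net share >> "%REPORT%"

rem Copy the update log next to the report under the name the page used.
if exist "%UPDATE_LOG%" copy "%UPDATE_LOG%" "%IPaddress%.updatelog"

rem SECURITY: the script on the page ended by saving the SAM and SYSTEM hives
rem beside the report. Those two files together expose the local accounts'
rem password hashes, which a configuration assessment does not need, and a copy
rem left under C:\<address> is a credential-exposure risk for the assessed host.
rem The step is kept only as an explicit opt-in (set COLLECT_HIVES=1 before
rem running, with written authorization); if used, protect the files like
rem credentials and delete them securely once the work is done.
if /i "%COLLECT_HIVES%"=="1" (
  reg save hklm\sam "%IPaddress%.sam"
  reg save hklm\system "%IPaddress%.system"
)

pause
endlocal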
