16년도에 작성했던 파일입니다.

작성은 win7에서 하긴 했는데, Win10, Win11에서도 잘 작동하는 것은 확인했습니다.

당시 PC 점검을 위해 작성했던 스크립트입니다.

실행 시 C:\Windows 폴더에 넣고 실행하시면 됩니다. 결과 HTML과 .reg 파일은 스크립트를 실행한 현재 폴더에 생성되므로, C:\Windows에서 실행하려면 관리자 권한으로 실행해야 합니다.

 

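활용해서 잘 사용하시기 바랍니다. 생성되는 .reg 파일은 병합하는 즉시 레지스트리를 수정하며, Total.reg에는 점검 항목에 없는 Netlogon 서비스 비활성화(Start=4)도 포함되어 있으므로 적용 전에 내용을 확인하시기 바랍니다.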

 

소스코드 파일

Windows_PC_Check_Script.bat
0.03MB

스크립트 결과 화면

 

소스코드 스크립트

rem Start the HTML report. The first echo uses the truncating redirect, so an
rem existing report with the same name is overwritten; every later line appends.
rem The file name is relative, so the report lands in the current directory,
rem and it embeds the COMPUTERNAME environment variable.
rem Each caret escapes the following angle bracket so cmd prints it literally
rem instead of treating it as a redirection operator.
echo ^<!DOCTYPE html^> > [RESULT]_%COMPUTERNAME%.html 
echo ^<html lang="ko"^> >> [RESULT]_%COMPUTERNAME%.html
echo ^<head^> >> [RESULT]_%COMPUTERNAME%.html
rem The page declares euc-kr. NOTE(review): this presumably requires the batch
rem file itself to be saved in a matching Korean code page - confirm.
echo ^<meta charset="euc-kr"^> >> [RESULT]_%COMPUTERNAME%.html
echo ^<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"^> >> [RESULT]_%COMPUTERNAME%.html
echo ^<title^>개인 PC 보안 점검 상태 파악^</title^> >> [RESULT]_%COMPUTERNAME%.html
echo ^<meta name="description" content=""^> >> [RESULT]_%COMPUTERNAME%.html
echo ^<meta name="author" content="율도국"^> >> [RESULT]_%COMPUTERNAME%.html
echo ^<!--meta name="viewport" content="width=device-width; initial-scale=1.0"--^> >> [RESULT]_%COMPUTERNAME%.html
rem References an external stylesheet by a root-relative path; nothing in this
rem listing creates that file.
echo ^<link  rel="stylesheet" type="text/css" href="\pcsecurity.min.css"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</head^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<body^> >>  [RESULT]_%COMPUTERNAME%.html
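rem Inline stylesheet for the report, written as one minified line.
rem The closing tag carries no attributes; the original emitted a type
rem attribute on the end tag, which is not valid HTML.
echo ^<style type="text/css"^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^.pc_info,.wrap,body{margin:0 auto}body{padding:0}.wrap{width:980px;text-align:left}.content{padding:50px;font-family:'Nanum Gothic',sans-serif}.security_title{text-align:center;padding-bottom:30px}.security_title h1{font-family:'Nanum Gothic Bold',sans-serif;font-size:24px;color:#000}.security_title p.copyright{font-size:10px}.pc_info{width:400px;background:#eee;padding:30px 50px 20px;text-align:justify;font-family:'Nanum Gothic',sans-serif;font-size:14px;color:#000;line-height:1.6em}.pc_info strong.username,.security_list h2{font-family:'Nanum Gothic Bold',sans-serif}.pc_info span.admin{font-size:12px;line-height:4em}.security_list{padding:50px}.security_list h2{font-size:18px;color:#333;padding-bottom:20px}.security_list h2 span.small{font-size:12px}.security_list table{font-size:13px;color:#333;border-collapse:collapse;border:0}.security_list td{padding:10px 15px}.security_list td a{color:#333;text-decoration:none}.security_list .code_wrap{display:block;font-family:monospace;background:#000;color:#fff;padding:30px}.security_list h3,.security_list p a,.security_list p strong{font-family:'Nanum Gothic Bold',sans-serif}.security_list .code_wrap code{white-space:pre-wrap}.security_list h3{font-size:14px;padding:20px 0 0 10px}.security_list p{font-size:13px;color:#666;padding-left:10px;line-height:2em}.security_list p strong{color:#000}.security_list p a{color:#fff;background:#2ac1bc;border:0;padding:10px 40px;text-decoration:none}.security_list p a:hover{background:#ccc}.security_list p span{font-size:10px}  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</style^>  >>  [RESULT]_%COMPUTERNAME%.html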
rem Report banner: title, copyright line and a box naming the PC owner and the
rem contact person.
echo ^<div class="wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="content"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="security_title"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h1^>율도국 PC 보안 점검 상태 파악 Ver 1.0^</h1^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p class="copyright"^>Copyright 2018 율도국 Co. Ltd. All right Reserved^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p class="pc_info"^> >>  [RESULT]_%COMPUTERNAME%.html
rem NOTE(review): the USERNAME variable is expanded before cmd parses the line
rem and is written into the HTML unescaped, so an account name containing a cmd
rem or HTML metacharacter would alter this command or the markup.
echo 이 PC는 ^<strong class="username"^>%username%^</strong^>님의 PC 입니다.^<br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^점검 사항에 대해서 궁금하시면 연락주시기 바랍니다. ^<br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<span class="admin"^>문의사항 : 율도국 / 홍길동 / 010-1234-5678^</span^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
rem Table of contents: one in-page anchor per check, numbered 1 to 10, each
rem pointing at the div with the matching id written further down.
echo ^<div class="security_list"^> >>  [RESULT]_%COMPUTERNAME%.html	
echo ^<h2^> 점검 항목 ^<span class="small"^>(선택시 해당 항목으로 이동)^</span^>^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<table^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<tbody^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<tr^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td^>^<a href="#1"^>▶ hosts 파일 점검^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td^>^<a href="#2"^>▶ 불필요한 계정이 파악^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td^>^<a href="#3"^>▶ 관리자 그룹에 사용자 계정 파악^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</tr^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<tr^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td^>^<a href="#4"^>▶ Guest 계정 사용 권한 제한^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td^>^<a href="#5"^>▶ 관리용 기본공유 및 불필요한 공유 제거^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td^>^<a href="#6"^>▶ 널 세션 접근을 차단하도록 설정^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</tr^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<tr^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td^>^<a href="#7"^>▶ 화면 보호기 암호 설정^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td^>^<a href="#8"^>▶ 시스템 종료 시 페이징파일(Paging File) 삭제^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td^>^<a href="#9"^>▶ 이벤트 로그 설정 파악 (기간, 기록)^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</tr^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<tr^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td colspan="3"^>^<a href="#10"^>▶ Anonymous에 의한 이벤트로그의 읽기권한 제한^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</tr^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</tbody^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</table^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</br^> >>  [RESULT]_%COMPUTERNAME%.html
rem Link to the combined registry file that this script generates later in the
rem same directory. Opening a .reg file merges its values into the registry, so
rem this link applies every change in that file at once.
echo ^<h2^> 통합 점검스크립트 (6개 항목) ^<span class="small"^>(실행시 전체 스크립트 구동)^</span^>^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<table^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<tbody^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<tr^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<td colspan="3"^>^<a href="total.reg" target="_blank"^>▶ 스크립트모음(6개 사항 패치)^</a^>^</td^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</tr^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</tbody^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</table^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
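rem Check 1: dump the hosts file into the report so the reader can look for
rem entries other than commented lines and the localhost mapping.
echo ^<div id="1" class="security_list"^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^> hosts 파일 점검^</h2^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^>  >>  [RESULT]_%COMPUTERNAME%.html
rem Resolve the Windows directory through the SystemRoot variable instead of a
rem hard-coded drive letter, so the check also works when Windows is not on C.
rem The file content is appended as-is, without HTML escaping.
type "%SystemRoot%\System32\drivers\etc\hosts"  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^>▶ 점검이유^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^> >>  [RESULT]_%COMPUTERNAME%.html
echo - hosts 파일이 변조가 되면 해커에 의한 유도 페이지로 접근하게 될 수 있음 ^</br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo - 예로, Naver로 접속했지만 원하지 않는 사이트로 접속이 되거나 악의적으로 만들어 놓은 사이트일 수 있음  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^>▶ 권고사항^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<strong^>- 맨 앞 줄에 # 표시가 없으면서 127.0.0.1 localhost 외에 다른 것이 있다면 파일의 변조가 있었을 확율이 높음^</strong^>^</br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^* 변조 - 파일의 임의 수정이나 악성 바이러스에 의한 변형. ^<br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^* 파일의 임의 수정 - 정품 소프트웨어를 불법으로 설치하고 인증키 등록시 대부분 파일을 변경 함 (예 : Adobe, AutoCAD 등등) >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html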
rem Check 2: append the raw output of net user, the list of local accounts, so
rem the reader can spot accounts they did not create.
echo ^<div id="2" class="security_list"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^> 불필요한 계정이 존재하지 않는가?^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
net user >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 점검이유^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 내가 생성한 계정이 아니라면 반드시 누군가에 의해 생성된 계정임 ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 그 누군가가 해커일 수도 있기 때문에 불필요한 사용자는 삭제 필요  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>   >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 권고사항^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<strong^>Administrator, Guest, 본인 계정^</strong^>외 다른 계정이 존재한다면 어떤 용도의 계정인지 확인 >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
rem Check 3: append the membership of the local administrators group. The
rem group is addressed by its English name.
rem NOTE(review): presumably fails on Windows editions where the built-in group
rem name is localized - confirm.
echo ^<div id="3" class="security_list"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^>관리자 그룹에 일반 사용자 계정이 존재하지 않는가?^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
net localgroup administrators >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 점검이유 ^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 일반 사용자 계정이 관리자 그룹에 포함되어 있다면 해당 PC의 관리자 권한 사용 가능^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 관리자 권한으로 사용자 패스워드 변경 및 삭제도 가능  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 권고사항^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo Administrators 그룹 구성원 중 ^<strong^> Administrator 와 본인^</strong^> 계정 외 다른 계정이 있는지 확인 >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
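rem Check 4: report whether the Guest account is enabled by filtering the
rem account-active line out of the net user guest output.
echo ^<div id="4" class="security_list"^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^>Guest 계정을 사용하지 못하도록 설정하였는가?^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
rem The first filter matches the Korean label only, so on an English display
rem language it printed nothing and the check silently showed an empty box.
rem The second filter covers the English label; on any one system only the
rem filter for its display language produces a line.
net user guest | find "활성" >> [RESULT]_%COMPUTERNAME%.html
net user guest | find /I "Account active" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 점검이유 ^</h3^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 해당 PC의 시스템 임시 접근을 허용하는 취약한 계정으로 사용을 제한하여야 함 ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 하나의 PC에 2명의 사용자가 필요하지 않은 업무환경이기 때문에 계정 제한 해야 함 ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^>▶▶ 권고사항 ^</h3^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo Guest의 계정은 사용하지 못하도록 ^<b^>"아니오"^</b^> 로 설정되어 있어야 함 >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html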
rem Check 5: append the net share listing so administrative default shares and
rem other unneeded shares are visible.
echo ^<div id="5" class="security_list"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^>관리용 기본공유 및 불필요한 공유를 제거하였는가?^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
net share >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 점검이유 ^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 관리용 기본 공유에 접근 성공시 해당 PC의 전체 데이터에 접근 가능 ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 권고사항 ^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^> >>  [RESULT]_%COMPUTERNAME%.html
echo - 관리용 기본공유인 C$, Admin$ 등이 존재하면 취약함 ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo - 불필요한 공유 사용 여부 확인^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo - 사용중인 공유에 대한 적절한 접근권한 확인필요(Everyone 접근)^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
rem Remediation link to share.reg, generated later by this script in the same
rem directory; opening it merges the AutoShareWks value into the registry.
echo ^<a href="share.reg" target="_blank"^>해결방안 ▶^</a^>^<br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<span^>* 실행시 자동으로 레지스트리 수정^</span^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
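rem Check 6: show the anonymous-access restriction configured under the Lsa key.
echo ^<div id="6" class="security_list"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^>널 세션 접근을 차단하도록 설정 하였는가?^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
rem find does a substring match, so any other value under this key whose name
rem contains RestrictAnonymous, such as RestrictAnonymousSAM, is printed too.
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" | find /I "RestrictAnonymous" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 점검이유 ^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo UserID와 Password 없이 접속을 가능하게 함  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 권고사항 ^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^> >>  [RESULT]_%COMPUTERNAME%.html
rem The value name in the guidance now matches the name queried above; the
rem original text misspelled it as RestricAnonymous.
rem NOTE(review): the guidance treats 2 as the good value; confirm how the
rem Windows version in use interprets 2 before relying on it.
echo - 'RestrictAnonymous'의 값이 0인 경우 취약^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo - 'RestrictAnonymous'의 값이 2인 경우 정상 >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<a href="nullsession.reg" target="_blank"^>해결방안 ▶^</a^>^<br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<span^>* 실행시 자동으로 레지스트리 수정^</span^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html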
rem Check 7: show the three screen saver values of the current user. The key is
rem under HKEY_CURRENT_USER, so the result describes only the account that runs
rem the script.
echo ^<div id="7" class="security_list"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^>화면 보호기에 암호를 설정하였는가?^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
rem A value that does not exist produces no output line; the guidance below
rem tells the reader to treat a missing line as not configured.
rem NOTE(review): a screen saver enforced through Group Policy is presumably
rem stored under a Policies key and would not show up here - confirm.
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" | find /I "ScreenSaveActive" >> [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" | find /I "ScreenSaverIsSecure" >> [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_CURRENT_USER\Control Panel\Desktop" | find /I "ScreenSaveTimeOut" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^>  ▶▶ 점검이유 ^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 자리를 잠시 비우거나 사용하지 않고 있을때는 화면을 보호해야 함^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 화면보호기를 해제시 패스워드 입력 후 해제를 해야 내 컴퓨터의 접근을 보호^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 권고사항 ^</h3^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^> >>  [RESULT]_%COMPUTERNAME%.html
echo - ScreenSaveActive (값 1) 설정 확인 ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo - ScreenSaverIsSecure(값 1) 설정 확인 ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo - ScreenSaveTimeOut(600 - 초단위) 설정 확인 ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo * 위 세개가 다 설정되어 있어야 안전하며, 'ScreenSaveTimeOut'만 설정되어 있는 것은 취약하다. ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo * 위 세개의 항목이 보이지 않으면 설정이 되어 있지 않은 것이다. ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<a href="screen.reg" target="_blank"^>해결방안 ▶^</a^>^<br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<span^>* 실행시 자동으로 레지스트리 수정^</span^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
rem Check 8: show whether the page file is cleared at shutdown.
echo ^<div id="8" class="security_list"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^>시스템 종료 시 페이징파일(Paging File)을 삭제 하는가?^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
rem The key path is spelled CurrentControLSet here; registry key names are
rem case-insensitive, so the query still resolves.
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControLSet\Control\Session Manager\Memory Management" | find /I "ClearPageFileAtShutdown" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 점검이유 ^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 페이징 파일에는 실제 메모리에 유지되는 정보를 주기적으로 기록될 수 있는데^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 종료된 PC에 물리적으로 액세스할 수 있는 공격자는 분석을 통해 페이징 파일의 내용을 볼 수 있음^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 그래서 PC 종료시 자동으로 삭제하는 것이 필요^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
rem The heading scopes this recommendation to Windows 7 and earlier.
echo ^<h3^>▶▶ 권고사항 / Windows 7까지 적용 ^</h3^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>- ClearPageFileAtShutdown 값이 1(0x1)이면 안전, 0(0x0)이면 취약 ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<a href="clearpage.reg" target="_blank"^>해결방안 ▶^</a^>^<br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<span^>* 실행시 자동으로 레지스트리 수정^</span^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^>  >>  [RESULT]_%COMPUTERNAME%.html
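rem Check 9: show the Retention and MaxSize values of the Application, Security
rem and System event logs. Each query is filtered by value name, so a value that
rem is not set leaves its code box empty.
echo ^<div id="9" class="security_list"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^>이벤트 로그 설정이 적절한가?^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^>--- 오래된 이벤트 덮어쓰기 시간 설정 값 확인 ---^</h3^>   >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>▶ Application 설정 값^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application" | find /I "Retention" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>▶ Security 설정 값^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security" | find /I "Retention" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>▶ System 설정 값^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\System" | find /I "Retention" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^>--- 최대 보안 로그 사이즈를 설정 값 확인 --- ^</h3^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>▶ Application 설정 값 ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application" | find /I "MaxSize" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>▶ Security 설정 값^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security" | find /I "MaxSize" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>▶ System 설정 값 ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\System" | find /I "MaxSize" >> [RESULT]_%COMPUTERNAME%.html
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
rem The original emitted a closing paragraph tag here with no matching opening
rem tag; it is dropped so the markup stays balanced.
echo ^<h3^> ▶▶ 점검이유 ^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo PC에서 일어나는 행위에 대한 로그를 기록하며^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 로그의 기록은 최대 Max값으로 설정하는 것을 권고  >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 권고사항 ^</h3^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 이벤트 덮어쓰기 및 로그 사이즈를 확인한다. ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo 단위는 초단위로 16진수로 표기 예)7일 = 604800초(10진수) = 0x93a80(16진수) >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^> >>  [RESULT]_%COMPUTERNAME%.html
echo [권장값] ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo - 오래된 이벤트 덮어쓰기 : 7일(=0x93a80) ^<br^>  >>  [RESULT]_%COMPUTERNAME%.html
echo - 최대 보안 로그 사이즈 : 16384KB(=0x1000000) 이상 >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<a href="logsize.reg" target="_blank"^>해결방안 ▶^</a^>^<br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<span^>* 실행시 자동으로 레지스트리 수정^</span^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html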
rem Check 10: show the RestrictGuestAccess value of the Application, Security
rem and System event logs. A value that is not set leaves its code box empty.
echo ^<div id="10" class="security_list"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h2^>Anonymous에 의한 이벤트로그의 읽기권한을 제한하였는가?^</h2^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>▶ Application 이벤트로그 제한^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application" | find /I "RestrictGuestAccess" >> [RESULT]_%COMPUTERNAME%.html					
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>▶ Security 이벤트로그 제한^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Security" | find /I "RestrictGuestAccess" >> [RESULT]_%COMPUTERNAME%.html					
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>▶ System 이벤트로그 제한 ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<div class="code_wrap"^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<code^> >>  [RESULT]_%COMPUTERNAME%.html
reg query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\System" | find /I "RestrictGuestAccess" >> [RESULT]_%COMPUTERNAME%.html					
echo ^</code^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 점검이유^</h3^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^> >>  [RESULT]_%COMPUTERNAME%.html
echo 로그의 기록은 아무나 접근해서 변경 할 수 없도록 통제해야 함 >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<h3^> ▶▶ 권고사항 ^</h3^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^>- RestrictGuestAccess의 값이 1(0x1)이면 안전, 0은 취약 ^</p^>  >>  [RESULT]_%COMPUTERNAME%.html
echo ^<p^> >>  [RESULT]_%COMPUTERNAME%.html
rem Remediation link to logacc.reg, generated later by this script.
echo ^<a href="logacc.reg" target="_blank"^>해결방안 ▶^</a^>^<br^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^<span^>* 실행시 자동으로 레지스트리 수정^</span^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</p^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^> >>  [RESULT]_%COMPUTERNAME%.html
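rem Close the content and wrap containers and finish the document.
rem The closing bracket of the wrap div is now caret-escaped. In the original
rem it was bare, so cmd parsed it as a redirection instead of printing it and
rem the tag never reached the report.
echo ^</div^>^<!-- content --^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</div^>^<!-- wrap --^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</body^> >>  [RESULT]_%COMPUTERNAME%.html
echo ^</html^> >>  [RESULT]_%COMPUTERNAME%.html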


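rem Generate Total.reg, the combined remediation file linked from the report.
rem The file is only written here; nothing is changed until someone opens it
rem and confirms the merge. The first echo truncates, the rest append.
echo Windows Registry Editor Version 5.00 > Total.reg

rem Event log size, retention and guest access, one section per log. The
rem original wrote each key twice; the values are merged into one section each,
rem which produces the same registry state.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System] >> Total.reg
echo "MaxSize"=dword:01000000 >> Total.reg
echo "Retention"=dword:093a80 >> Total.reg
echo "RestrictGuestAccess"=dword:00000001 >> Total.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security] >> Total.reg
echo "MaxSize"=dword:01000000 >> Total.reg
echo "Retention"=dword:093a80 >> Total.reg
echo "RestrictGuestAccess"=dword:00000001 >> Total.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application] >> Total.reg
echo "MaxSize"=dword:01000000 >> Total.reg
echo "Retention"=dword:093a80 >> Total.reg
echo "RestrictGuestAccess"=dword:00000001 >> Total.reg

rem Sets the Netlogon service start type to 4, which is the disabled start
rem type. This change has no matching check in the report.
rem NOTE(review): on a domain-joined PC this presumably breaks domain logon -
rem confirm before merging this file there.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon] >> Total.reg
echo "Start"=dword:00000004 >> Total.reg

rem Null session restriction, matching check 6.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >> Total.reg
echo "restrictanonymous"=dword:00000002 >> Total.reg

rem Clear the page file at shutdown, matching check 8.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] >> Total.reg
echo "ClearPageFileAtShutdown"=dword:00000001 >> Total.reg

rem Password-protected screen saver after 600 seconds for the current user.
rem String data in a .reg file needs every backslash doubled; the original
rem wrote single backslashes, so the imported path did not match the file.
echo [HKEY_CURRENT_USER\Control Panel\Desktop] >> Total.reg
echo "ScreenSaveActive"="1" >> Total.reg
echo "SCRNSAVE.EXE"="C:\\windows\\system32\\scrnsave.scr" >> Total.reg
echo "ScreenSaveTimeOut"="600" >> Total.reg
echo "ScreenSaverIsSecure"="1" >> Total.reg

rem Turn off automatic creation of the administrative default shares,
rem matching check 5.
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters] >> Total.reg
echo "AutoShareWks"=dword:00000000 >> Total.reg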

rem Generate netlogin.reg, which sets the Netlogon service start type to 4,
rem the disabled start type. No link in the report points at this file.
rem NOTE(review): on a domain-joined PC this presumably breaks domain logon -
rem confirm before merging.
echo Windows Registry Editor Version 5.00 > netlogin.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon] >> netlogin.reg
echo "Start"=dword:00000004 >> netlogin.reg

rem Generate nullsession.reg, the remediation file linked from check 6. It sets
rem restrictanonymous to 2, the value the report text describes as normal.
echo Windows Registry Editor Version 5.00 > nullsession.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] >> nullsession.reg
echo "restrictanonymous"=dword:00000002 >> nullsession.reg

rem Generate clearpage.reg, the remediation file linked from check 8. It sets
rem ClearPageFileAtShutdown to 1, the value the report text describes as safe.
echo Windows Registry Editor Version 5.00 > clearpage.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management] >> clearpage.reg
echo "ClearPageFileAtShutdown"=dword:00000001 >> clearpage.reg

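rem Generate screen.reg, the remediation file linked from check 7. It enables a
rem password-protected screen saver after 600 seconds for the current user.
echo Windows Registry Editor Version 5.00 > screen.reg
echo [HKEY_CURRENT_USER\Control Panel\Desktop] >> screen.reg
echo "ScreenSaveActive"="1" >> screen.reg
rem The original wrote a path with no drive letter and single backslashes.
rem String data in a .reg file needs every backslash doubled, and the path is
rem made absolute so it names the same file as the entry in Total.reg.
echo "SCRNSAVE.EXE"="C:\\windows\\system32\\scrnsave.scr" >> screen.reg
echo "ScreenSaveTimeOut"="600" >> screen.reg
echo "ScreenSaverIsSecure"="1" >> screen.reg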

rem Generate share.reg, the remediation file linked from check 5. It sets
rem AutoShareWks to 0 under the LanmanServer parameters key.
echo Windows Registry Editor Version 5.00 > share.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters] >> share.reg
echo "AutoShareWks"=dword:00000000 >> share.reg

rem Generate logsize.reg, the remediation file linked from check 9. For each of
rem the three logs it sets MaxSize to 0x1000000 and Retention to 0x93a80, the
rem recommended values printed in the report.
echo Windows Registry Editor Version 5.00 > logsize.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System] >> logsize.reg
echo "MaxSize"=dword:01000000 >> logsize.reg
echo "Retention"=dword:093a80 >> logsize.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security] >> logsize.reg
echo "MaxSize"=dword:01000000 >> logsize.reg
echo "Retention"=dword:093a80 >> logsize.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application] >> logsize.reg
echo "MaxSize"=dword:01000000 >> logsize.reg
echo "Retention"=dword:093a80 >> logsize.reg

rem Generate logacc.reg, the remediation file linked from check 10. It sets
rem RestrictGuestAccess to 1 for each of the three logs, the value the report
rem text describes as safe.
echo Windows Registry Editor Version 5.00 > logacc.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System] >> logacc.reg
echo "RestrictGuestAccess"=dword:00000001 >> logacc.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security] >> logacc.reg
echo "RestrictGuestAccess"=dword:00000001 >> logacc.reg

echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application] >> logacc.reg
echo "RestrictGuestAccess"=dword:00000001 >> logacc.reg

rem Hand the finished report to explorer so it opens for the user. The name is
rem relative, so this relies on the current directory still being the one the
rem report was written to.
explorer [RESULT]_%COMPUTERNAME%.html
