-
Notifications
You must be signed in to change notification settings - Fork 0
/
Reset FIM-Table for WINDOWS Registry-v4.bes
executable file
·53 lines (52 loc) · 5.49 KB
/
Reset FIM-Table for WINDOWS Registry-v4.bes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
<?xml version="1.0" encoding="UTF-8"?>
<BES xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="BES.xsd">
<Task>
<Title>Reset FIM-Table for WINDOWS Registry-v4</Title>
<Description>Version 4: This task recreates a logfile, FIMwindows_data.txt (for RedHat) which contains the status of a 'file-integrity-monitoring'-type assessment of particular parts of the filesystem. $Id: Reset FIM-Table for WINDOWS Registry-v4.bes 99 2014-06-02 19:13:58Z singerj $</Description>
<Relevance>name of operating system contains "Win"</Relevance>
<Category></Category>
<Source>Internal</Source>
<SourceID></SourceID>
<SourceReleaseDate>2013-12-19</SourceReleaseDate>
<SourceSeverity></SourceSeverity>
<CVENames></CVENames>
<SANSID></SANSID>
<MIMEField>
<Name>x-fixlet-modification-time</Name>
<Value>Thu, 16 Jan 2014 01:09:59 +0000</Value>
</MIMEField>
<Domain>BESC</Domain>
<DefaultAction ID="Action1">
<Description>
<PreLink>Click </PreLink>
<Link>here</Link>
<PostLink> to deploy this action.</PostLink>
</Description>
<ActionScript MIMEType="application/x-Fixlet-Windows-Shell"><![CDATA[delete __createfile
delete "{pathname of parent folder of parent folder of client folder of current site}/FIMwindows_data.txt"
delete "{pathname of parent folder of parent folder of client folder of current site}/FIMwindows_data.bak"
delete "{pathname of parent folder of parent folder of client folder of current site}/FIMwindows_dataChecksum.txt"
createfile until __END__
{(if (exists value "screensavergraceperiod" of it) then "screensavergraceperiod( " & value "screensavergraceperiod" of it as string & " ):" & last write time of it as string else "screensavergraceperiod: <N/E>") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" of registry}
{(if (exists value "cachedlogonscount" of it) then "cachedlogonscount( " & value "cachedlogonscount" of it as string & " ):" & last write time of it as string else "cachedlogonscount: <N/E>") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" of registry}
{(if (exists value "defaultpasswordvalue" of it) then "defaultpasswordvalue( " & value "defaultpasswordvalue" of it as string & " ):" & last write time of it as string else "defaultpasswordvalue: <N/E>") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" of registry}
{(if (exists value "restrictanonymous" of it) then "restrictanonymous( " & value "restrictanonymous" of it as string & " ):" & last write time of it as string else "restrictanonymous: <N/E>") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" of registry}
{(if (exists value "restrictanonymoussam" of it) then "restrictanonymoussam( " & value "restrictanonymoussam" of it as string & " ):" & last write time of it as string else "restrictanonymoussam: <N/E>") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" of registry}
{(if (exists value "auditbaseobjects" of it) then "auditbaseobjects( " & value "auditbaseobjects" of it as string & " ):" & last write time of it as string else "auditbaseobjects: <N/E>") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" of registry}
{(if (exists value "everyoneincludesanonymous" of it) then "everyoneincludesanonymous( " & value "everyoneincludesanonymous" of it as string & " ):" & last write time of it as string else "everyoneincludesanonymous: <N/E>") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" of registry}
{(if (exists value "nolmhash" of it) then "nolmhash( " & value "nolmhash" of it as string & " ):" & last write time of it as string else "nolmhash: <N/E>") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" of registry}
{(if (exists value "ScreenSaveTimeOut" of it) then "ScreenSaveTimeOut( " & value "ScreenSaveTimeOut" of it as string & " ):" & last write time of it as string else "ScreenSaveTimeOut: <N/E>") of key "HKEY_CURRENT_USER\Control Panel\Desktop" of registry}
{(if (exists value "limitblankpassworduse" of it) then "limitblankpassworduse( " & value "limitblankpassworduse" of it as string & " ):" & last write time of it as string else "limitblankpassworduse: <N/E>") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" of registry}
{(if (exists value "MinEncryptionLevel" of it) then "MinEncryptionLevel( " & value "MinEncryptionLevel" of it as string & " ):" & last write time of it as string else "MinEncryptionLevel: <N/E>") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" of registry}
{(if (exists value "LsaPid" of it) then "LsaPid( " & value "LsaPid" of it as string & " ):" & last write time of it as string else "LsaPid: <N/E>") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" of registry}
{(if (exists value "FIPSAlgorithmPolicy" of it) then "FIPSAlgorithmPolicy( " & value "FIPSAlgorithmPolicy" of it as string & " ):" & last write time of it as string else "FIPSAlgorithmPolicy: <N/E>") of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa" of registry}
__END__
move __createfile "{pathname of parent folder of parent folder of client folder of current site}/FIMwindows_data.txt"
createfile until __END__
{sha1 of file "FIMwindows_data.txt" of parent folder of regapp "BESClient.exe"}
__END__
move __createfile "{pathname of parent folder of parent folder of client folder of current site}/FIMwindows_dataChecksum.txt"]]></ActionScript>
<SuccessCriteria Option="RunToCompletion"></SuccessCriteria>
</DefaultAction>
</Task>
</BES>