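; SecCheck.kix, Version 1.10 for Windows 2000 with KiXtart 4.20 or later
; Checks password age, virus definitions age, and whether a list of Windows
; hotfixes are installed; and displays a message if any condition is not met.
;
; For detailed help type: KIX32 SECCHECK.KIX $Help=1
;
; Written by Rob van der Woude
; http://www.robvanderwoude.com
;
; Review notes:
; * All settings ($MaxDefAge, $MaxPwAge, $NoWarning, $List, $Log, $Debug) are
;   plain command-line variables, so whoever launches the script controls the
;   thresholds and can suppress the warning. Treat the result as advisory.
; * The hotfix list and the log both default to the script directory. The check
;   is only as trustworthy as the permissions on those two files: keep the list
;   read-only for the accounts being checked, and collect the log somewhere the
;   checked user cannot rewrite earlier entries.
; * Antivirus detection relies on registry values only; a value that is present
;   shows the product left data in the registry, not that it is running.

; Determine the KiXtart version first, so that the help screen can also
; report it correctly. Val() makes the comparisons below numeric.
$KixMajorVer = Val( SubStr( @KIX, 1, InStr( @KIX, "." ) - 1 ) )
$KixMinorVer = Val( SubStr( @KIX, InStr( @KIX, "." ) + 1, 2 ) )

; Check if help is requested
If $Help
	GoTo Syntax
EndIf

; Check KiXtart version (4.20 or later required). The minor version is only
; tested for major version 4, so that later major versions are not rejected.
If ( $KixMajorVer < 4 OR ( $KixMajorVer = 4 AND $KixMinorVer < 20 ) )
	GoTo Syntax
EndIf
If $Debug
	? "KiXtart @KIX"
	? "$$KixMajorVer = $KixMajorVer"
	? "$$KixMinorVer = $KixMinorVer"
	?
EndIf

; Initialize variables
Dim $Checked
Dim $Listed[ 0 ]
Dim $Installed[ 0 ]
$DefsOld = 0
$AVFound = 0
$LogMsg = ""
$Msg = ""
$Missing = 0
$Index1 = 0
$Index2 = 0
$Index3 = 0
$Index4 = 0
; The date fields are cleared explicitly: the McAfee date parser below depends
; on them being empty (false) when it starts, and a stray command-line
; assignment such as $LastUpdDy=1 would otherwise confuse it.
$LastUpdYr = 0
$LastUpdMn = 0
$LastUpdDy = 0
$LastUpdTotDy = 0
$FixRoot = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000"
$Title = "Security Check"
$Warning = 1
$Error = 0

; Check if optional command line arguments are specified,
; otherwise use default values
If $MaxDefAge = 0
	$MaxDefAge = 14
EndIf
If $MaxPwAge = 0
	$MaxPwAge = 30
EndIf
If $NoWarning = 1
	$Warning = 0
EndIf
; Default list file: script name with its extension replaced by "fix"
If $List = 0
	$List = "@SCRIPTDIR\"
	$List = $List + SubStr( @SCRIPTNAME, 1, InStr( @SCRIPTNAME, "." ) )
	$List = $List + "fix"
EndIf
; Default log file: script name without extension, plus "_<workstation>.log"
If $Log = 0
	$Log = "@SCRIPTDIR\"
	$Log = $Log + SubStr( @SCRIPTNAME, 1, InStr( @SCRIPTNAME, "." ) - 1 )
	$Log = $Log + "_@WKSTA.log"
EndIf

; Display debugging info
If $Debug
	? "$$MaxDefAge = $MaxDefAge"
	? "$$MaxPwAge = $MaxPwAge"
	? "$$List = $List"
	? "$$Log = $Log"
	?
EndIf

; Check if hotfix list file exists
If Exist( $List ) = 0
	? "Hotfix list file not found (" + $List + ").@CRLF"
	GoTo Syntax
EndIf

; Hide console window unless in debug mode
If $Debug = 0
	$x = SetConsole( "HIDE" )
EndIf

; Open log file for this computer
$x = Log( $Log, "@WKSTA, @PRODUCTTYPE, @DATE, @TIME" )


;; ;; ;; ;; ;; ;; ;; AntiVirus ;; ;; ;; ;; ;; ;; ;;

; This registry key specifies the last update
; of the SAV virus definitions in hexadecimal
$SAVRegKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs\DefWatch"
$DefVer = ReadValue( $SAVRegKey, "DefVersion" )
If $DefVer
	; If the key has any value, Symantec AntiVirus
	; Corporate Edition is probably installed
	$AVType = "SAV"
	$AVDescr = "Symantec AntiVirus Corporate Edition"
	; Extract the day, month & year of the last update.
	; Each field is two hex byte pairs that are swapped before conversion;
	; the "&" prefix makes Val() read the string as hexadecimal.
	$LastUpdYrX = "&" + SubStr( $DefVer, 3, 2 ) + SubStr( $DefVer, 1, 2 )
	$LastUpdYr = Val( $LastUpdYrX )
	$LastUpdMnX = "&" + SubStr( $DefVer, 7, 2 ) + SubStr( $DefVer, 5, 2 )
	$LastUpdMn = Val( $LastUpdMnX )
	$LastUpdDyX = "&" + SubStr( $DefVer, 15, 2 ) + SubStr( $DefVer, 13, 2 )
	$LastUpdDy = Val( $LastUpdDyX )
	$AVFound = 1
Else
	; Let's try if McAfee is installed.
	; This registry key specifies the last
	; update of the McAfee virus definitions
	$McARegKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\"
	$McARegKey = $McARegKey + "Shared Components\VirusScan Engine\4.0.xx"
	$EngineVer = ReadValue( $McARegKey, "szEngineVer" )
	If $EngineVer
		; If this registry key has any value
		; then McAfee is probably installed
		$AVType = "McAfee"
		$AVDescr = "McAfee VirusScan"
		; Extract the day, month & year of the last update.
		; The elements are taken in the order month, day, year: each pass
		; fills the first field that is still empty. Val() stores them as
		; numbers so the month comparisons further down are numeric.
		; NOTE(review): assumes szDatDate is written as month/day/year;
		; confirm against a machine that has the product installed.
		$DatDate = ReadValue( $McARegKey, "szDatDate" )
		$DateArray = Split( "$DatDate", "/")
		For Each $Element In $DateArray
			Select
				Case $LastUpdDy
					$LastUpdYr = Val( $Element )
				Case $LastUpdMn
					$LastUpdDy = Val( $Element )
				Case 1
					$LastUpdMn = Val( $Element )
			EndSelect
		Next
		$AVFound = 1
	Else
		; We didn't find Symantec AntiVirus, nor McAfee VirusScan
		$Msg = "Neither Symantec nor McAfee AntiVirus are installed."
		$x = Log( $Log, $Msg )
	EndIf
EndIf

If $AVFound
	; Calculate the total number of days between January
	; 1st and the last update, ignoring leap years
	Select
		Case $LastUpdMn = 1
			$LastUpdTotDy = 0 + $LastUpdDy
		Case $LastUpdMn = 2
			$LastUpdTotDy = 31 + $LastUpdDy
		Case $LastUpdMn = 3
			$LastUpdTotDy = 59 + $LastUpdDy
		Case $LastUpdMn = 4
			$LastUpdTotDy = 90 + $LastUpdDy
		Case $LastUpdMn = 5
			; The original line read "120 + LastUpdDy" (missing "$"), so the
			; day of the month was not added for updates dated in May.
			$LastUpdTotDy = 120 + $LastUpdDy
		Case $LastUpdMn = 6
			$LastUpdTotDy = 151 + $LastUpdDy
		Case $LastUpdMn = 7
			$LastUpdTotDy = 181 + $LastUpdDy
		Case $LastUpdMn = 8
			$LastUpdTotDy = 212 + $LastUpdDy
		Case $LastUpdMn = 9
			$LastUpdTotDy = 243 + $LastUpdDy
		Case $LastUpdMn = 10
			$LastUpdTotDy = 273 + $LastUpdDy
		Case $LastUpdMn = 11
			$LastUpdTotDy = 304 + $LastUpdDy
		Case $LastUpdMn = 12
			$LastUpdTotDy = 334 + $LastUpdDy
	EndSelect
	; Calculate the number of days between today and the last update.
	; If the month could not be recognized, $LastUpdTotDy stays 0 and the
	; age is overestimated, which results in a warning rather than silence.
	$DefsOld = ( 365 * ( @YEAR - $LastUpdYr ) ) + @YDAYNO - $LastUpdTotDy
	; Generate a message to the user if the virus definitions are too old
	If $DefsOld > $MaxDefAge
		$LogMsg = "Your $AVDescr virus definitions are "
		$LogMsg = $LogMsg + $DefsOld + " days old."
		$Msg = $Msg + $LogMsg
		$x = Log( $Log, $LogMsg )
	EndIf
EndIf


;; ;; ;; ;; ;; ;; ;; ;; Password age ;; ;; ;; ;; ;; ;; ;; ;;

; Check password age and generate message if necessary
If @PWAGE > $MaxPwAge
	$LogMsg = "Your Windows password is @PWAGE days old."
	$Msg = $Msg + @CRLF + $LogMsg
	$x = Log( $Log, $LogMsg )
EndIf

; Append a blank line to the message
If $Msg
	$Msg = $Msg + @CRLF
EndIf


;; ;; ;; ;; ;; ;; ;; ;; ;; Windows hotfixes ;; ;; ;; ;; ;; ;; ;; ;; ;;

; Read installed hotfixes from registry and store the results in an array.
; The registry is walked two levels deep; every entry is stored as
; "<first level key>\<second level key>", which is the format the lines
; in the hotfix list file have to match.
$KeyName1 = EnumKey( "$FixRoot\", $Index1 )
While @ERROR = 0
	; Restart the subkey index for every first level key. Without this
	; reset the second and later keys are enumerated from where the previous
	; one stopped, and installed hotfixes are reported as missing.
	$Index2 = 0
	$KeyName2 = EnumKey( "$FixRoot\$KeyName1", $Index2 )
	While @ERROR = 0
		$Installed[ $Index3 ] = "$KeyName1\$KeyName2"
		If $Debug = 1
			? "$$Installed[$Index3] = $KeyName1\$KeyName2"
		EndIf
		$Index2 = $Index2 + 1
		$Index3 = $Index3 + 1
		ReDim PRESERVE $Installed[ $Index3 ]
		; EnumKey is the last call before Loop, so the While
		; condition tests the error code of the enumeration itself
		$KeyName2 = EnumKey( "$FixRoot\$KeyName1", $Index2 )
	Loop
	$Index1 = $Index1 + 1
	$KeyName1 = EnumKey( "$FixRoot\", $Index1 )
Loop

; Read hotfixes from hotfix list file and store the results in an array
If Open( 3, $List ) = 0
	$x = ReadLine( 3 )
	While @ERROR = 0
		$Listed[ $Index4 ] = $x
		If $Debug = 1
			? "$$Listed[$Index4] = $x"
		EndIf
		$Index4 = $Index4 + 1
		ReDim PRESERVE $Listed[ $Index4 ]
		; ReadLine is the last call before Loop, so the While
		; condition tests the error code of the read itself
		$x = ReadLine( 3 )
	Loop
	$x = Close( 3 )
Else
	; The console is normally hidden at this point, so the failure is
	; written to the log as well; otherwise an aborted check leaves no trace.
	$LogMsg = "Hotfix list file not opened, error code: [" + @ERROR + "]"
	? $LogMsg
	$x = Log( $Log, $LogMsg )
	$x = SetConsole( "SHOW" )
	Exit 255
EndIf

; Check if every line from the hotfix list file
; is found in the array of installed hotfixes
For Each $Element1 In $Listed
	; Blank lines (and the empty last array element) are skipped
	If Trim( $Element1 ) <> ""
		$Checked = 0
		For Each $Element2 In $Installed
			If $Element1 = $Element2
				$Checked = 1
			EndIf
		Next
		If $Checked = 0
			$Missing = $Missing + 1
			$LogMsg = "Fix $Element1 is NOT installed"
			$Msg = $Msg + @CRLF + $LogMsg
			$x = Log( $Log, $LogMsg )
			If $Debug
				? "Fix $Element1 is NOT installed"
			EndIf
		Else
			If $Debug
				? "Fix $Element1 is installed"
			EndIf
		EndIf
	EndIf
Next
Select
	Case $Missing = 1
		$Msg = $Msg + @CRLF + "1 fix is missing"
	Case $Missing > 1
		$Msg = $Msg + @CRLF + "[$Missing Windows hotfixes are missing]"
EndSelect
If $Debug
	? "$$Missing = $Missing"
	?
EndIf


;; ;; ;; ;; ;; ;; ;; ;; ;; ;; ;; Display warning message ;; ;; ;; ;; ;; ;; ;; ;; ;; ;; ;;

If $Msg
	$Msg = $Msg + @CRLF + @CRLF
	$Msg = $Msg + "Please contact your helpdesk for further instructions!"
EndIf

; The scan result is always logged; the message box is only
; shown when warnings have not been switched off with $NoWarning=1
If $Msg
	$x = Log( $Log, "Security scan result: Intervention required" + @CRLF )
	If $Warning
		$x = MessageBox( $Msg, $Title, 64 )
	EndIf
Else
	$x = Log( $Log, "Security scan result: Everything seems to be OK" + @CRLF )
EndIf

; Restore console window
$x = SetConsole( "SHOW" )

; End program ($Error is never changed, so a completed scan always exits
; with 0; the outcome has to be read from the log file)
Exit $Error


; Append one message, followed by a line break, to the log file.
; $LogFile : path of the log file (opened with mode 5)
; $Message : text to write
; Failures to open or close the file are reported on the console only.
Function Log( $LogFile, $Message )
	$Handle = FreeFileHandle()
	If Open( $Handle , $LogFile , 5 ) = 0
		$x = WriteLine( $Handle , $Message + @CRLF )
		If Close( $Handle )
			? "Error closing log file!"
			? @SERROR
		EndIf
	Else
		? "Failed to open log file, error code: [" + @ERROR + "]"
		? @SERROR
	EndIf
EndFunction


; Help screen; also reached when the KiXtart version
; is too old or the hotfix list file is not found
:Syntax
? "SecCheck.kix, Version 1.10 for Windows 2000 with KiXtart 4.20 or later"
? "Checks password age, virus definitions age, and wether a list of Windows"
? "hotfixes are installed, and displays a message if any condition is not met"
?
? "Usage: KIX32 SECCHECK.KIX [$$MaxDefAge=n] [$$MaxPwAge=m] [$$NoWarning=1]"
? " [$$List=some_file] [$$Log=some_log] [$$Debug=1]"
?
? " or: KIX32 SECCHECK.KIX $$Help=1"
?
? "Where: $$MaxDefAge specifies the maximum age allowed of virus definitions"
? " $$MaxPwAge specifies the maximum age allowed of logon password"
? " $$NoWarning if specified, NO warning is shown if conditions aren't met"
? " $$List specifies file containing list of hotfixes to be checked"
? " $$Log specifies file where results will be logged"
? " $$Help if specified, displays this help text"
?
? "Written by Rob van der Woude"
? "http://www.robvanderwoude.com"
?
If ( $KixMajorVer < 4 OR ( $KixMajorVer = 4 AND $KixMinorVer < 20 ) )
	? "This script requires KiXtart version 4.20 or later."
	? "Your current KiXtart version is @KIX."
Else
	? "Note: This script and its author are in no way associated with Symantec,"
	? " nor with Network Associates."
EndIf
?
Exit 255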