syslog output

README.md

@@ -1,13 +1,17 @@
-# PowerShell Scripts for Security, Patching, and Secrets Reporting
+### **Updated README for Endpoint Management**
 
-This repository includes PowerShell scripts designed for **security checks**, **patch management**, and **secrets reporting**. Each script provides a focused and modular functionality, offering actionable insights and maintaining system hygiene.
+---
+
+# PowerShell Scripts for Security, Patching, Secrets Reporting, and Logging
+
+This repository includes PowerShell scripts designed for endpoint management, covering tasks such as **security checks**, **patch management**, **secrets reporting**, and **logging script outputs** for audit and review purposes. Each script is modular and can be executed individually or orchestrated using the provided logging script.
 
 ---
 
 ## **Scripts Overview**
 
 ### **1. `security.ps1`**
-Performs comprehensive system-level security checks:
+Performs system-level security assessments:
 - Verifies the firewall status and active rules.
 - Scans for open ports and their associated processes.
 - Audits installed software and versions to check for outdated or vulnerable applications.
@@ -20,68 +24,97 @@ Performs comprehensive system-level security checks:
 Handles patch management and updates:
 - Installs Windows updates.
 - Updates third-party applications via `winget` and the Microsoft Store.
+- Logs skipped, failed, and successfully updated packages.
 - Detects and schedules system reboots if necessary.
-- Logs all updates for later review and provides a summary of completed tasks.
+- Cleans up deployment logs for better system hygiene.
 
 ---
 
 ### **3. `secrets.ps1`**
 A **reporting tool** for scanning files and directories for sensitive data:
-- Detects patterns related to:
-  - Personally Identifiable Information (PII) such as Social Security Numbers and emails.
-  - Financial data like IBANs, SWIFT codes, US routing numbers, and account numbers.
+- Detects patterns such as:
+  - Personally Identifiable Information (PII) like Social Security Numbers and emails.
+  - Financial data like IBANs, SWIFT codes, and US routing/account numbers.
   - Cryptographic secrets, including API keys, JSON Web Tokens (JWTs), private keys, and passwords.
-- Supports a wide variety of file formats, including text files, logs, JSON, CSV, Office documents, and compressed archives.
+- Supports a variety of file formats including text files, logs, JSON, CSV, Office documents, and compressed archives.
 - Outputs a detailed, actionable report to the console.
 
 ---
 
+### **4. `run_log.ps1`**
+The **logging and orchestration script**:
+- Executes `security.ps1`, `patching.ps1`, and `secrets.ps1` in sequence.
+- Captures console output from each script and saves it in a **syslog-compatible format**.
+- Handles system reboots triggered by `patching.ps1`:
+  - Tracks completed scripts using a marker file (`reboot_marker.txt`).
+  - Resumes execution after the system restarts.
+- Ensures all logs are saved in a single file for audit purposes.
+
+---
+
 ## **Requirements**
 
 - **PowerShell 5.1 or later**.
-- **Administrator privileges** to run security and patching scripts.
-- **Internet access** for updates and certain checks (e.g., public IP lookups).
+- **Administrator privileges** to execute the scripts.
+- **Internet access** for updates and certain features (e.g., public IP lookups).
 
 ---
 
 ## **Usage**
 
 ### **Run Individual Scripts**
-
-1. **Clone or download the repository**:
+1. Clone or download the repository:
    ```bash
-   git clone https://github.com/your-repo-name.git
-   cd your-repo-name
+   git clone https://github.com/davisconsultingservices/endpoint-management.git
+   cd endpoint-management
    ```
 
-2. **Open PowerShell as Administrator**.
-
-3. **Execute the desired script**:
+2. Open PowerShell as Administrator.
 
+3. Run the desired script:
    - **Security Checks**:
      ```powershell
      .\security.ps1
      ```
-
    - **System Updates**:
      ```powershell
      .\patching.ps1
      ```
-
    - **Secrets Reporting**:
      ```powershell
      .\secrets.ps1
      ```
 
 ---
 
+### **Run and Log All Scripts**
+1. Run `run_log.ps1` to execute all scripts and log outputs:
+   ```powershell
+   .\run_log.ps1
+   ```
+
+2. **Logging**:
+   - The script saves all console outputs in a log file named:
+     ```plaintext
+     endpoint_management_YYYYMMDD_HHMMSS.log
+     ```
+   - The log file is saved in the same directory as the script.
+
+3. **Reboot Handling**:
+   - If a reboot is triggered by `patching.ps1`, the script:
+     - Saves progress in `reboot_marker.txt`.
+     - Resumes execution of pending scripts after the system restarts.
+
+---
+
 ## **File Structure**
 
 ```plaintext
 .
 ├── security.ps1      # Script for security checks
 ├── patching.ps1      # Script for patch management
-└── secrets.ps1       # Reporting tool for secrets scanning
+├── secrets.ps1       # Reporting tool for secrets scanning
+└── run_log.ps1       # Logging and orchestration script
 ```
 
 ---
@@ -124,14 +157,22 @@ Findings:
     - Matches: AIzaSyD123456789abcdef
 ```
 
+### Logs (Syslog-Compatible):
+```plaintext
+2024-12-06T14:22:10.1234Z INFO .\security.ps1: Firewall is active
+2024-12-06T14:22:10.5678Z INFO .\patching.ps1: Updates installed successfully
+2024-12-06T14:22:11.5678Z ERROR .\secrets.ps1: File not found: C:\sensitive_data.txt
+```
+
 ---
 
 ## **Customization**
 
-### Modify the `secrets.ps1` Scan Configuration
-You can adjust the file extensions and patterns in `secrets.ps1` to suit your specific needs:
-- Add or remove **file types** from the `$ScanFileExtensions` array.
-- Expand **sensitive data patterns** in the `$Patterns` hashtable.
+### Modify the Scripts
+You can adjust the behavior of individual scripts as needed:
+- Add or remove checks and updates in `security.ps1` and `patching.ps1`.
+- Expand or refine the patterns in `secrets.ps1`.
+- Update the sequence or add new scripts in `run_log.ps1`.
 
 ---
 
@@ -145,6 +186,6 @@ Contributions are welcome! If you have ideas for improvements or additional feat
 
 This project is licensed under the MIT License. See `LICENSE` for details.
 
---- 
+---
 
-Let me know if you'd like more details or refinements!
+Let me know if you need further adjustments!

run_log.ps1

@@ -0,0 +1,93 @@
+# run_and_log.ps1
+# Ensures scripts in the same directory as this file are located and executed correctly.
+
+# Set the working directory to the folder containing this script
+$scriptFolder = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition
+Set-Location -Path $scriptFolder
+
+# Function to generate syslog-compatible timestamps
+function Get-SyslogTimestamp {
+    return (Get-Date -Format "yyyy-MM-ddTHH:mm:ss.ffffK")
+}
+
+# Function to execute a script and capture its output
+function Run-Script {
+    param (
+        [string]$ScriptPath,
+        [string]$LogFile
+    )
+
+    if (-not (Test-Path $ScriptPath)) {
+        Write-Host "Script not found: $ScriptPath" -ForegroundColor Red
+        return
+    }
+
+    Write-Host "Running script: $ScriptPath" -ForegroundColor Cyan
+
+    try {
+        # Capture output and errors
+        $output = & $ScriptPath *>&1
+        $timestamp = Get-SyslogTimestamp
+
+        # Write output to log in syslog format
+        foreach ($line in $output) {
+            Add-Content -Path $LogFile -Value "$timestamp INFO $($ScriptPath): $line"
+        }
+
+        Write-Host "Output saved to: $LogFile" -ForegroundColor Green
+    }
+    catch {
+        $timestamp = Get-SyslogTimestamp
+        $errorMsg = $_.Exception.Message
+        Add-Content -Path $LogFile -Value "$timestamp ERROR $($ScriptPath): $errorMsg"
+        Write-Host "Error running script: $ScriptPath" -ForegroundColor Red
+    }
+}
+
+# Function to check for pending reboots after running patching.ps1
+function Is-RebootPending {
+    return Test-Path "C:\Windows\System32\RebootPending.txt"
+}
+
+# Main script execution with reboot handling
+try {
+    # Log file location
+    $logFileName = "endpoint_management_$(Get-Date -Format 'yyyyMMdd_HHmmss').log"
+    $logFilePath = Join-Path -Path (Get-Location) -ChildPath $logFileName
+
+    # List of scripts to run
+    $scripts = @(".\security.ps1", ".\patching.ps1", ".\secrets.ps1")
+
+    # Check for a marker file to determine if resuming after a reboot
+    $markerFile = Join-Path -Path (Get-Location) -ChildPath "reboot_marker.txt"
+
+    if (Test-Path $markerFile) {
+        Write-Host "Resuming execution after reboot..." -ForegroundColor Cyan
+        $completedScripts = Get-Content $markerFile
+        $scripts = $scripts | Where-Object { $_ -notin $completedScripts }
+        Remove-Item $markerFile -Force
+    }
+
+    # Run each script and log output
+    foreach ($script in $scripts) {
+        # Log completed scripts in case of reboot
+        Add-Content -Path $markerFile -Value $script
+        Run-Script -ScriptPath $script -LogFile $logFilePath
+
+        # Handle potential reboot from patching.ps1
+        if ($script -eq ".\patching.ps1" -and (Is-RebootPending)) {
+            Write-Host "Reboot triggered by patching.ps1. Saving progress and rebooting..." -ForegroundColor Cyan
+            Restart-Computer -Force
+        }
+    }
+
+    # Cleanup marker file if all scripts are completed
+    if (Test-Path $markerFile) {
+        Remove-Item $markerFile -Force
+    }
+
+    Write-Host "All scripts executed. Logs saved to: $logFilePath" -ForegroundColor Cyan
+}
+catch {
+    Write-Host "An error occurred while executing scripts: $_" -ForegroundColor Red
+}