diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/README.md b/README.md index d9912bc..603b287 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,17 @@ -# PowerShell Scripts for Security, Patching, and Secrets Reporting +### **Updated README for Endpoint Management** -This repository includes PowerShell scripts designed for **security checks**, **patch management**, and **secrets reporting**. Each script provides a focused and modular functionality, offering actionable insights and maintaining system hygiene. +--- + +# PowerShell Scripts for Security, Patching, Secrets Reporting, and Logging + +This repository includes PowerShell scripts designed for endpoint management, covering tasks such as **security checks**, **patch management**, **secrets reporting**, and **logging script outputs** for audit and review purposes. Each script is modular and can be executed individually or orchestrated using the provided logging script. --- ## **Scripts Overview** ### **1. `security.ps1`** -Performs comprehensive system-level security checks: +Performs system-level security assessments: - Verifies the firewall status and active rules. - Scans for open ports and their associated processes. - Audits installed software and versions to check for outdated or vulnerable applications. @@ -20,54 +24,62 @@ Performs comprehensive system-level security checks: Handles patch management and updates: - Installs Windows updates. - Updates third-party applications via `winget` and the Microsoft Store. +- Logs skipped, failed, and successfully updated packages. - Detects and schedules system reboots if necessary. -- Logs all updates for later review and provides a summary of completed tasks. +- Cleans up deployment logs for better system hygiene. --- ### **3. `secrets.ps1`** A **reporting tool** for scanning files and directories for sensitive data: -- Detects patterns related to: - - Personally Identifiable Information (PII) such as Social Security Numbers and emails. - - Financial data like IBANs, SWIFT codes, US routing numbers, and account numbers. +- Detects patterns such as: + - Personally Identifiable Information (PII) like Social Security Numbers and emails. + - Financial data like IBANs, SWIFT codes, and US routing/account numbers. - Cryptographic secrets, including API keys, JSON Web Tokens (JWTs), private keys, and passwords. -- Supports a wide variety of file formats, including text files, logs, JSON, CSV, Office documents, and compressed archives. +- Supports a variety of file formats including text files, logs, JSON, CSV, Office documents, and compressed archives. - Outputs a detailed, actionable report to the console. --- +### **4. `run_log.ps1`** +The **logging and orchestration script**: +- Executes `security.ps1`, `patching.ps1`, and `secrets.ps1` in sequence. +- Captures console output from each script and saves it in a **syslog-compatible format**. +- Handles system reboots triggered by `patching.ps1`: + - Tracks completed scripts using a marker file (`reboot_marker.txt`). + - Resumes execution after the system restarts. +- Ensures all logs are saved in a single file for audit purposes. + +--- + ## **Requirements** - **PowerShell 5.1 or later**. -- **Administrator privileges** to run security and patching scripts. -- **Internet access** for updates and certain checks (e.g., public IP lookups). +- **Administrator privileges** to execute the scripts. +- **Internet access** for updates and certain features (e.g., public IP lookups). --- ## **Usage** ### **Run Individual Scripts** - -1. **Clone or download the repository**: +1. Clone or download the repository: ```bash - git clone https://github.com/your-repo-name.git - cd your-repo-name + git clone https://github.com/davisconsultingservices/endpoint-management.git + cd endpoint-management ``` -2. **Open PowerShell as Administrator**. - -3. **Execute the desired script**: +2. Open PowerShell as Administrator. +3. Run the desired script: - **Security Checks**: ```powershell .\security.ps1 ``` - - **System Updates**: ```powershell .\patching.ps1 ``` - - **Secrets Reporting**: ```powershell .\secrets.ps1 @@ -75,13 +87,34 @@ A **reporting tool** for scanning files and directories for sensitive data: --- +### **Run and Log All Scripts** +1. Run `run_log.ps1` to execute all scripts and log outputs: + ```powershell + .\run_log.ps1 + ``` + +2. **Logging**: + - The script saves all console outputs in a log file named: + ```plaintext + endpoint_management_YYYYMMDD_HHMMSS.log + ``` + - The log file is saved in the same directory as the script. + +3. **Reboot Handling**: + - If a reboot is triggered by `patching.ps1`, the script: + - Saves progress in `reboot_marker.txt`. + - Resumes execution of pending scripts after the system restarts. + +--- + ## **File Structure** ```plaintext . ├── security.ps1 # Script for security checks ├── patching.ps1 # Script for patch management -└── secrets.ps1 # Reporting tool for secrets scanning +├── secrets.ps1 # Reporting tool for secrets scanning +└── run_log.ps1 # Logging and orchestration script ``` --- @@ -124,14 +157,22 @@ Findings: - Matches: AIzaSyD123456789abcdef ``` +### Logs (Syslog-Compatible): +```plaintext +2024-12-06T14:22:10.1234Z INFO .\security.ps1: Firewall is active +2024-12-06T14:22:10.5678Z INFO .\patching.ps1: Updates installed successfully +2024-12-06T14:22:11.5678Z ERROR .\secrets.ps1: File not found: C:\sensitive_data.txt +``` + --- ## **Customization** -### Modify the `secrets.ps1` Scan Configuration -You can adjust the file extensions and patterns in `secrets.ps1` to suit your specific needs: -- Add or remove **file types** from the `$ScanFileExtensions` array. -- Expand **sensitive data patterns** in the `$Patterns` hashtable. +### Modify the Scripts +You can adjust the behavior of individual scripts as needed: +- Add or remove checks and updates in `security.ps1` and `patching.ps1`. +- Expand or refine the patterns in `secrets.ps1`. +- Update the sequence or add new scripts in `run_log.ps1`. --- @@ -145,6 +186,6 @@ Contributions are welcome! If you have ideas for improvements or additional feat This project is licensed under the MIT License. See `LICENSE` for details. ---- +--- -Let me know if you'd like more details or refinements! +Let me know if you need further adjustments! \ No newline at end of file diff --git a/run_log.ps1 b/run_log.ps1 new file mode 100644 index 0000000..a431c5d --- /dev/null +++ b/run_log.ps1 @@ -0,0 +1,93 @@ +# run_and_log.ps1 +# Ensures scripts in the same directory as this file are located and executed correctly. + +# Set the working directory to the folder containing this script +$scriptFolder = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition +Set-Location -Path $scriptFolder + +# Function to generate syslog-compatible timestamps +function Get-SyslogTimestamp { + return (Get-Date -Format "yyyy-MM-ddTHH:mm:ss.ffffK") +} + +# Function to execute a script and capture its output +function Run-Script { + param ( + [string]$ScriptPath, + [string]$LogFile + ) + + if (-not (Test-Path $ScriptPath)) { + Write-Host "Script not found: $ScriptPath" -ForegroundColor Red + return + } + + Write-Host "Running script: $ScriptPath" -ForegroundColor Cyan + + try { + # Capture output and errors + $output = & $ScriptPath *>&1 + $timestamp = Get-SyslogTimestamp + + # Write output to log in syslog format + foreach ($line in $output) { + Add-Content -Path $LogFile -Value "$timestamp INFO $($ScriptPath): $line" + } + + Write-Host "Output saved to: $LogFile" -ForegroundColor Green + } + catch { + $timestamp = Get-SyslogTimestamp + $errorMsg = $_.Exception.Message + Add-Content -Path $LogFile -Value "$timestamp ERROR $($ScriptPath): $errorMsg" + Write-Host "Error running script: $ScriptPath" -ForegroundColor Red + } +} + +# Function to check for pending reboots after running patching.ps1 +function Is-RebootPending { + return Test-Path "C:\Windows\System32\RebootPending.txt" +} + +# Main script execution with reboot handling +try { + # Log file location + $logFileName = "endpoint_management_$(Get-Date -Format 'yyyyMMdd_HHmmss').log" + $logFilePath = Join-Path -Path (Get-Location) -ChildPath $logFileName + + # List of scripts to run + $scripts = @(".\security.ps1", ".\patching.ps1", ".\secrets.ps1") + + # Check for a marker file to determine if resuming after a reboot + $markerFile = Join-Path -Path (Get-Location) -ChildPath "reboot_marker.txt" + + if (Test-Path $markerFile) { + Write-Host "Resuming execution after reboot..." -ForegroundColor Cyan + $completedScripts = Get-Content $markerFile + $scripts = $scripts | Where-Object { $_ -notin $completedScripts } + Remove-Item $markerFile -Force + } + + # Run each script and log output + foreach ($script in $scripts) { + # Log completed scripts in case of reboot + Add-Content -Path $markerFile -Value $script + Run-Script -ScriptPath $script -LogFile $logFilePath + + # Handle potential reboot from patching.ps1 + if ($script -eq ".\patching.ps1" -and (Is-RebootPending)) { + Write-Host "Reboot triggered by patching.ps1. Saving progress and rebooting..." -ForegroundColor Cyan + Restart-Computer -Force + } + } + + # Cleanup marker file if all scripts are completed + if (Test-Path $markerFile) { + Remove-Item $markerFile -Force + } + + Write-Host "All scripts executed. Logs saved to: $logFilePath" -ForegroundColor Cyan +} +catch { + Write-Host "An error occurred while executing scripts: $_" -ForegroundColor Red +}