CrySys Posted September 26, 2013

Hello Everyone and thank you in advance for your help! I am a BRAND Newbie to the world of AutoIt and could really use the help of those of you that are seasoned vets!

I am currently tasked with performing checks and audits against 9 Windows 2003 servers. The checks and audits include but are not limited to looking for certain reg keys and/or looking for the existence of certain files. If a certain file exists, verify the version of the file. I know that I know that I know that I KNOW AutoIT is my answer, but I'm just such a newbie I think I'm making things too difficult on myself. I will post what I have so far below but if someone could please (just this once) tap out something real quick for me that I can build off of I would be grateful! The reason why this would be beneficial is if I can walk through the checks on ONE server and build my script, I can then run the script against the other 8 servers cutting my time in HALF!

Here is what I have so far (please do not laugh at the infant level coding! HA!):

    ; declare logfile and location
    $logpath = "C:\STIG_Results"
    $logfile = "filesearch.log"
    $log = $logpath & "\" & $logfile
    ; create fresh log file
    FileOpen( $log , 10 )
    ; log start time
    FileWriteLine( $log , @YEAR & "/" & @MON & "/" & @MDAY & " " & @HOUR & ":" & @MIN & ":" & @SEC & " Started" )
    $Dir = @SystemDir
    ; I would like to be able to define multiple areas to look if possible,
    ; such as @SystemDir, @ProgramFilesDir, etc., but I do not know how to write that out!
    Local $filename = FileGetShortName( $Dir & "\")
    Local $ver = FileGetVersion( $Dir & "\shell32.dll")
    MsgBox(0, $filename, $filename & $ver , 6)
    FileWriteLine( $log , $ver)
    Local $ver = FileGetVersion( $Dir & "\resolutionobjectmodel.dll")
    MsgBox(0, $filename, $ver , 6)
    FileWriteLine( $log , $ver)
    Local $ver = FileGetVersion( $Dir & "\inetcomm.dll")
    MsgBox(0, $filename, $ver , 6)
    FileWriteLine( $log , $ver)
    Local $ver = FileGetVersion( $Dir & "\CMA")
    MsgBox(0, $filename, $ver , 6)
    FileWriteLine( $log , $ver)
    Local $ver = FileGetVersion( $Dir & "\microsoft.sharepoint.dll")
    MsgBox(0, $filename, $ver , 6)
    FileWriteLine( $log , $ver)
    Local $ver = FileGetVersion( $Dir & "\RealPlayer")
    MsgBox(0, $filename, $ver , 6)
    FileWriteLine( $log , $ver)
    Local $ver = FileGetVersion( $Dir & "\citrix")
    MsgBox(0, $filename, $ver , 6)
    FileWriteLine( $log , $ver)
    Local $ver = FileGetVersion( $Dir & "\mcafee")
    MsgBox(0, $filename, $ver , 6)
    FileWriteLine( $log , $ver)

I'm using the message boxes to basically just let me know that it is actually looking and finding the file, they are not required.

ULTIMATELY I would love to create a text file, say called "File2check.txt" containing all the various files and perhaps even registry keys that need to be audited and have AutoIT read through the text file and if there is a match then write the file name and file version to a log file that I have defined as filesearch.log. I'm having the hardest time getting the script to output the file name. The version part works fine as long as I go through and type in each blob of code a filename.

The ideal logfile output would look something like:

    inetcomm.dll is found. Version is X.X.X.X
    shell32.dll is found. Version is X.X.X.X
    someother.dll is not found.
    etc...

Please, any help or anyone willing to tap something out for me quickly would be AWESOME as contract time to audit these servers is running out! Thanks again!

DatMCEyeBall Posted September 26, 2013 (edited)

CrySys, please use the codebox when posting code instead of just posting it, see here on how to do it.

-DatMCEyeBall

Edited September 26, 2013 by DatMCEyeBall

MHz Posted September 26, 2013 (edited)

    Opt('ExpandEnvStrings', 1)
    Opt('ExpandVarStrings', 1)
    ; will expand %SYSTEMROOT% and @WindowsDir@ etc that is in the text file read

    $hRead = FileOpen('filelist.txt')
    If $hRead = -1 Then Exit 1

    $hWrite = FileOpen('filelist.log', 1)
    If $hWrite = -1 Then
        FileClose($hRead)
        Exit 2
    EndIf

    FileWrite($hWrite, @YEAR & '-' & @MON & '-' & @MDAY & ' ' & @HOUR & ':' & @MIN & ':' & @SEC & @TAB & 'Started for "' & @ComputerName & '"' & @CRLF & @CRLF)

    While 1
        $sLine = FileReadLine($hRead)
        If @error Then ExitLoop
        If $sLine == '' Then ContinueLoop
        ; skip comment lines in the read file
        Switch StringLeft($sLine, 1)
            Case ';', '#'
                ContinueLoop
        EndSwitch
        If FileExists($sLine) Then
            FileWrite($hWrite, '"' & $sLine & '"' & @TAB & FileGetVersion($sLine) & @CRLF)
        Else
            FileWrite($hWrite, '"' & $sLine & '"' & @TAB & 'Not found' & @CRLF)
        EndIf
    WEnd

    ; give an extra blank line
    FileWrite($hWrite, @CRLF)

    FileClose($hRead)
    FileClose($hWrite)

filelist.txt read

    @SystemDir@\shell32.dll
    %windir%\notepad.exe

filelist.log written

    2013-09-26 21:14:48 Started for "SomeMachineName"

    "C:\Windows\SysWOW64\shell32.dll" 6.1.7601.17755
    "C:\Windows\notepad.exe" 6.1.7600.16385

You just create filelist.txt and place it in the working directory of the script. Note I ran it as 32 bit so SysWow64 was searched. The script will create filelist.log. Perhaps you can build on that. I am in a rush to relax.

Edit: Fixed file handle check.

Edited September 27, 2013 by MHz

CrySys Posted September 26, 2013

@DatMCEyeBall - Noted. Will do from now on, thank you!

@MHz - Seriously, you might have just saved my life! Thanks a million times over! It would have taken me countless sleepless nights to put that together! Again - Thank you!!!

MHz Posted September 27, 2013

Sleepless nights you say, oh. It may give you incentive to learn then I guess for future events.

Note that I fixed an issue with the handle check. You perhaps may not experience the failure though it is best to have it fixed.

CrySys Posted September 27, 2013

Mhz - I do have one last question for you (again probably a foolish one): Will what you wrote also work for registry keys? For example, in the filelist.txt, if I placed the path to a registry key "HKLM\Software\Microsoft...etc" will this check for its existence? I'm thinking it will not. I would probably need to add some type of "IF Regread" statement, correct?

It is fantastic though, I've already started using it! Thanks again!

MHz Posted September 27, 2013 (edited)

That could be done.

    Opt('ExpandEnvStrings', 1)
    Opt('ExpandVarStrings', 1)
    ; will expand %SYSTEMROOT% and @WindowsDir@ etc that is in the text file read

    $hRead = FileOpen('filelist.txt')
    If $hRead = -1 Then Exit 1

    $hWrite = FileOpen('filelist.log', 1)
    If $hWrite = -1 Then
        FileClose($hRead)
        Exit 2
    EndIf

    FileWrite($hWrite, @YEAR & '-' & @MON & '-' & @MDAY & ' ' & @HOUR & ':' & @MIN & ':' & @SEC & @TAB & 'Started for "' & @ComputerName & '"' & @CRLF & @CRLF)

    While 1
        $sLine = FileReadLine($hRead)
        If @error Then ExitLoop
        $sLine = StringStripWS($sLine, 3); trim whitespace
        If $sLine == '' Then ContinueLoop
        ; skip comment lines in the read file
        Switch StringLeft($sLine, 1)
            Case ';', '#'
                ContinueLoop
        EndSwitch
        Switch StringLeft($sLine, 5)
            Case 'HKCR\', 'HKCU\', 'HKLM\'
                $reg = StringSplit($sLine, ',', 2); no count
                ; a line without a comma yields a one-element array: add an
                ; empty value name so $reg[1] is not an out-of-range index
                If UBound($reg) < 2 Then ReDim $reg[2]
                Switch $reg[1]
                    Case "''", '""'
                        $reg[1] = ''
                EndSwitch
                ; RegRead sets @error when the key or value cannot be read,
                ; so a missing entry is logged as Not found, not as a blank
                $value = RegRead($reg[0], $reg[1])
                If Not @error Then
                    FileWrite($hWrite, $sLine & @TAB & $value & @CRLF)
                Else
                    FileWrite($hWrite, $sLine & @TAB & 'Not found' & @CRLF)
                EndIf
            Case Else
                If FileExists($sLine) Then
                    FileWrite($hWrite, '"' & $sLine & '"' & @TAB & FileGetVersion($sLine) & @CRLF)
                Else
                    FileWrite($hWrite, '"' & $sLine & '"' & @TAB & 'Not found' & @CRLF)
                EndIf
        EndSwitch
    WEnd

    ; give an extra blank line
    FileWrite($hWrite, @CRLF)

    FileClose($hRead)
    FileClose($hWrite)

So allows HKCR, HKCU, and HKLM. Default value can be '' or "" or even nothing following the comma (comma used to split keyname,valuename). As before, lines beginning with ; or # are recognized as comments.

filelist.txt

    # file paths
    @SystemDir@\shell32.dll
    %windir%\notepad.exe

    # registry values
    HKLM\SOFTWARE\Classes\.au3,''
    HKLM\SOFTWARE\Classes\AutoIt3Script\Shell\Open\Command,''

filelist.log

    2013-09-28 01:02:36 Started for "SomeMachineName"

    "C:\Windows\SysWOW64\shell32.dll" 6.1.7601.17755
    "C:\Windows\notepad.exe" 6.1.7600.16385
    HKLM\SOFTWARE\Classes\.au3,'' AutoIt3Script
    HKLM\SOFTWARE\Classes\AutoIt3Script\Shell\Open\Command,'' "C:\Program Files (x86)\AutoIt3\Scite\Scite.exe" "%1"

Edit: Added StringStripWS so whitespace on either end of the line will be trimmed. Saves hassles if whitespace does exist without knowing.

Edited September 27, 2013 by MHz
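
Added example, not part of the thread and not MHz's code: the scripts above log each file's version, while the audit in the original question also has to verify it. This block compares each dotted version field by field as numbers against a required minimum, because comparing the strings directly would order "10.0.0.0" before "9.0.0.0". The function names `_CompareVersion` and `_CheckFile`, the paths and the minimum versions are assumptions constructed for illustration.

```autoit
; Added example: PASS/FAIL check of file versions against a required minimum.
; Paths and minimum versions are constructed sample values.

; Compare two dotted version strings field by field as numbers.
; Returns -1 if $sA is lower, 0 if equal, 1 if $sA is higher.
Func _CompareVersion($sA, $sB)
    Local $aA = StringSplit($sA, '.', 2) ; flag 2: no count in element 0
    Local $aB = StringSplit($sB, '.', 2)
    Local $iMax = UBound($aA), $iA, $iB
    If UBound($aB) > $iMax Then $iMax = UBound($aB)
    For $i = 0 To $iMax - 1
        $iA = 0 ; a missing field counts as 0, so "6.1" equals "6.1.0.0"
        $iB = 0
        If $i < UBound($aA) Then $iA = Number($aA[$i])
        If $i < UBound($aB) Then $iB = Number($aB[$i])
        If $iA < $iB Then Return -1
        If $iA > $iB Then Return 1
    Next
    Return 0
EndFunc   ;==>_CompareVersion

; Build the log line for one file check.
Func _CheckFile($sPath, $sMinVersion)
    Local $sPrefix = '"' & $sPath & '"' & @TAB
    If Not FileExists($sPath) Then Return $sPrefix & 'Not found'
    Local $sVer = FileGetVersion($sPath)
    ; FileGetVersion sets @error when the file carries no version resource
    If @error Then Return $sPrefix & 'No version information'
    If _CompareVersion($sVer, $sMinVersion) < 0 Then
        Return $sPrefix & $sVer & @TAB & 'FAIL (requires ' & $sMinVersion & ')'
    EndIf
    Return $sPrefix & $sVer & @TAB & 'PASS'
EndFunc   ;==>_CheckFile

; Constructed sample checks: path, minimum acceptable version
Local $aChecks[3][2] = [ _
        [@SystemDir & '\shell32.dll', '6.0.0.0'], _
        [@WindowsDir & '\notepad.exe', '99.0.0.0'], _
        [@SystemDir & '\someother.dll', '1.0.0.0']]

For $i = 0 To UBound($aChecks) - 1
    ConsoleWrite(_CheckFile($aChecks[$i][0], $aChecks[$i][1]) & @CRLF)
Next
```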