Windows batch script to check security hardening & gen a html report

Last Modified: 2017-05-01
I'm given hundreds of outputs from Cisco switches / routers so instead of
manually checking them for compliance to hardening standards, need
a script to gen reports.  So,

I'm given  device1.txt, device2.txt, deviceX.txt...,  all saved into one common folder
where deviceX  is the hostname of the switch/router/device.

Need a batch script (I prefer this over PowerShell, as I can enhance it
myself and I'm very much a 'newbie' in PowerShell) that does something as follows:

For each .txt file in the folder,
Do
   echo "Hardening compliance report  `date in DD-MMM-YYYY` " >> deviceX.htm

   find/I "enable secret 5" deviceX.txt
   REM if the above text is found, then report as compliant
   if %errorlevel% == "0"
      REM highlight the text "Compliant"  in green text if possible
      echo "enable secret 5" + " is enabled, ==> Compliant" >> deviceX.htm
    else
      REM highlight the text "Non-Compliant" in red color if possible
      echo "enable secret 5" + " is disabled ==> Non-compliant" >> deviceX.htm
   endif


   find/I "service password encryption" deviceX.txt
   REM if the above text is found, then report as compliant
   if %errorlevel% == "0"
      REM highlight the text "Compliant"  in green text if possible
      echo "service password encryption" + " is enabled, ==> Compliant" >> deviceX.htm
    else
      REM highlight the text "Non-Compliant" in red color if possible
      echo "service password encryption" + " is Disabled ==> Non-compliant" >> deviceX.htm
   endif

End For loop

Author

Commented:
I'll add on/repeat additional parameters to check eg:

   find/I "hardening parameter X" deviceX.txt
    REM if the above text is found, then report as compliant
    if %errorlevel% == "0"
       REM highlight the text "Compliant"  in green text if possible
       echo "hardening parameter X" + " is enabled, ==> Compliant" >> deviceX.htm
     else
       REM highlight the text "Non-Compliant" in red color if possible
       echo "hardening parameter X" + " is Disabled ==> Non-compliant" >> deviceX.htm
    endif
Shaun Vermaak, Senior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
This should give you a starting point

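@echo off

for %%f in (*.txt) do call :FindTextInFile "enable secret 5" "%%f"
REM Stop here so execution does not fall through into the subroutine.
goto :eof

:FindTextInFile
REM /c: searches for the whole phrase; without it findstr treats each
REM space-separated word as a separate search string.
findstr /m /c:"%~1" "%~2"
if %errorlevel%==0 (
echo "%~1 is enabled, ==> Compliant")
exit /b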


Author

Commented:
Thanks Shaun.

How do I get an output that is in html format so that the report looks formal?
Some sort of html characters need to be inserted into the  *.htm  files??

Coloring can be another enhancement.

Does the line below "join" the parameter & text together?
"%~1 is enabled, ==> Compliant")
Shaun Vermaak, Senior Consultant

Commented:
How do get an output that is in html format so that the report looks formal?
Some sort of html characters need to be inserted into the  *.htm  files??
Something like this
REM Escape < and > with ^ so cmd does not treat them as redirection.
echo ^<html^>^<head^>^<title^>Report^</title^>^</head^>^<body^> > report.html
...
echo ^<p style="color:green"^>%~1 is enabled, ==^> Compliant^</p^> >> report.html
...
echo ^</body^>^</html^> >> report.html




Coloring can be another enhancement.
Using inline styles such as
<p style="color:red">



Does the line below "joins" the parameter & text together?
"%~1 is enabled, ==> Compliant")
Yes
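
The pieces from the replies above (the per-file loop, the phrase search and the coloured HTML output) combined into one script, as an added example that is not from any poster in the thread. The demo folder name and the two sample config lines are constructed; the second check uses `service password-encryption`, the hyphenated spelling IOS uses in its configuration output.

```batch
@echo off
setlocal
REM Added example, not from the thread. Constructed sample input is written to
REM a demo folder; to check real captures, pushd into their folder instead.
set "DEMO=%TEMP%\hardening-demo"
if not exist "%DEMO%" mkdir "%DEMO%"
pushd "%DEMO%"
> device1.txt echo enable secret 5 $1$CONSTRUCTED$placeholderhash
>>device1.txt echo no service password-encryption

REM One report per device file, named after the file without its .txt extension.
REM The DATE variable follows the regional format, not necessarily DD-MMM-YYYY.
for %%F in (*.txt) do (
    > "%%~nF.htm" echo ^<html^>^<head^>^<title^>%%~nF^</title^>^</head^>^<body^>
    >>"%%~nF.htm" echo ^<h1^>Hardening compliance report %%~nF %DATE%^</h1^>
    call :Check "enable secret 5" "%%F" "%%~nF.htm"
    call :Check "service password-encryption" "%%F" "%%~nF.htm"
    >>"%%~nF.htm" echo ^</body^>^</html^>
)
popd
goto :eof

:Check
REM Argument 1 = config line to look for, 2 = device file, 3 = report file.
REM /c: keeps the phrase whole; a bare findstr string is split on spaces and
REM the words are ORed. /b anchors the phrase at the start of the line, so the
REM negated form "no service password-encryption" does not count as a match.
findstr /i /b /l /c:"%~1" "%~2" >nul
if errorlevel 1 (
    >>"%~3" echo ^<p^>%~1: ^<b style="color:red"^>Non-compliant^</b^>^</p^>
) else (
    >>"%~3" echo ^<p^>%~1: ^<b style="color:green"^>Compliant^</b^>^</p^>
)
exit /b
```

Further checks are added as extra `call :Check` lines inside the loop; the search phrases must not contain characters that cmd treats specially, such as `&`, `<`, `>` or `|`.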

Author

Commented:
Thanks v much guys.

oBdA, what's the exact command to run the PowerShell script?  Need to enter
any parameter on the PowerShell command line?  I'm a greenhorn with PowerShell
Shaun Vermaak, Senior Consultant

Commented:
Save the first code block into a PS1 file and run it from within PowerShell.exe
CERTIFIED EXPERT
Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
Save the script as Whatever.ps1.
Set the path in line 1.
Set your tests in the $ComplianceTests hash table, like the existing examples.
Then it's not that different from batch:
Open a Powershell console, "cd" (now an alias for Set-Location) into the folder where you saved the file, and enter
.\Whatever.ps1
Notice that to run a PS script, the path is always required, even (and especially) if you're in the same folder as the script; that's to make sure you're actually running the script you're planning to, not maybe a cmdlet or an executable with the same name.
Tab completion is always available.
Most important command:
Get-Help <Cmdlet>

You might have to set the Execution Policy if PS complains that the script is not signed. This is more of a protection against accidental execution, not a real security feature.
Start with
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
in an elevated prompt.