Exemplo n.º 1
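        /// <summary>
        /// Internet Explorer vulnerability check.
        /// Reviews Internet Explorer through the registry: reads the "svcUpdateVersion" value under
        /// HKLM\SOFTWARE\Microsoft\Internet Explorer and passes only when its major version is 11 or higher.
        /// </summary>
        /// <param name="item">Check item that receives the evidence (Proofs["IeVersion"]) and the verdict (Status).</param>
        public static void Diagnosis_MA_001(CheckItem item)
        {
            // Start of diagnosis.
            string value = GreyWnReg.GetRegistryValue("SOFTWARE\\Microsoft\\Internet Explorer", "svcUpdateVersion", GreyWnReg.Hive.LocalMachine);
            int    MajorIeVersion;

            // A missing or unparsable value must not crash the audit run. Other callers in this file
            // null-check GetRegistryValue's result, so treat "no value" as a failed check (fail closed).
            if (string.IsNullOrEmpty(value) || !int.TryParse(value.Split('.')[0], out MajorIeVersion))
            {
                item.Status = Result.Negative;
                return;
            }

            // Keep the observed version as evidence for both outcomes, so a failed check
            // can be reviewed without re-reading the registry.
            item.Proofs["IeVersion"] = value;

            // NOTE(review): only the major version is compared; the patch level within
            // that major version is not assessed by this check.
            item.Status = MajorIeVersion >= 11 ? Result.Fulfilled : Result.Negative;
        }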
Exemplo n.º 2
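        /// <summary>
        /// Checks two anti-virus monitoring registry values under HKLM\SOFTWARE\AhnLab\ASPack\9.0:
        /// Option\AVMON "sysmonuse" and ServiceStatus "AvMon". The check passes only when both read "1".
        /// </summary>
        /// <param name="item">Check item that receives both raw values as evidence (Proofs) and the verdict (Status).</param>
        public static void Diagnosis_MA_008(CheckItem item)
        {
            // Start of diagnosis.
            // HKEY_LOCAL_MACHINE\SOFTWARE\AhnLab\ASPack\9.0\Option\AVMON
            // NOTE(review): both paths are pinned to product version "9.0"; on a host with another
            // version the values are presumably absent and the check reports Negative. Confirm
            // that this is the intended result.
            string sysMonUse = GreyWnReg.GetRegistryValueEx("SOFTWARE\\AhnLab\\ASPack\\9.0\\Option\\AVMON", "sysmonuse", GreyWnReg.Hive.LocalMachine);
            string avMon     = GreyWnReg.GetRegistryValueEx("SOFTWARE\\AhnLab\\ASPack\\9.0\\ServiceStatus", "AvMon", GreyWnReg.Hive.LocalMachine);

            // Indexer assignment (as in Diagnosis_MA_001) instead of Add, so that running the check
            // again on the same item overwrites the old evidence instead of failing on an existing key.
            item.Proofs["sysmonuse"] = sysMonUse;
            item.Proofs["AvMon"]     = avMon;

            // Decide the verdict from this run's values only. The previous code left an earlier
            // Negative in place, so a host that had been fixed could never turn Fulfilled on re-check.
            bool monitoringEnabled = sysMonUse == "1" && avMon == "1";
            item.Status = monitoringEnabled ? Result.Fulfilled : Result.Negative;
        }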
Exemplo n.º 3
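        /// <summary>
        /// Checks the installation status of security programs.
        /// Collects the DisplayName of every uninstall entry (32-bit and native registry views) and the
        /// names of running processes, records what was found in <c>item.Proofs</c>, and sets
        /// <c>item.Status</c> to Negative when there is at least one finding, otherwise Fulfilled.
        /// A finding is: APC agent, SDPA, n5client or edpa missing; BackOffice or MiPlatform present.
        /// </summary>
        /// <param name="item">Check item that receives the evidence (Proofs) and the verdict (Status).</param>
        public static void Diagnosis_MA_005(CheckItem item)
        {
            int       Count    = 0;    // number of findings; any finding makes the check Negative
            Process[] localAll = null;

            try
            {
                // Start of diagnosis.
                // Regular string literals, as in the other checks: the previous verbatim literals
                // (@"...\\...") put doubled backslashes into the registry path.
                List<string> InstalledSoftware = new List<string>();
                Ma005AddDisplayNames("SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall", InstalledSoftware);
                Ma005AddDisplayNames("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", InstalledSoftware);

                // APC check
                if (!Ma005Record(item, InstalledSoftware.Where(x => Ma005Has(x, "ahn") && Ma005Has(x, "policy") && Ma005Has(x, "agent")), "APC Agent"))
                {
                    Count += 1;
                }

                // Media control, network client and DLP checks work on the running-process list.
                // NOTE(review): a process-name substring only shows that some process with a matching
                // name is running; it does not verify the binary or that the agent enforces policy.
                localAll = Process.GetProcesses();
                List<string> processNames = Ma005ProcessNames(localAll);

                if (!Ma005Record(item, processNames.Where(x => Ma005Has(x, "SDPA")), "매체 제어(SDPA)"))
                {
                    Count += 1;
                }

                if (!Ma005Record(item, processNames.Where(x => Ma005Has(x, "n5client")), "NetClient"))
                {
                    Count += 1;
                }

                if (!Ma005Record(item, processNames.Where(x => Ma005Has(x, "edpa")), "데이터 유출 방지프로그램(DLP)"))
                {
                    Count += 1;
                }

                // BackOffice and MiPlatform: the previous code lower-cased the name and then searched
                // for a mixed/upper-case token, so these two lookups could never match.
                // NOTE(review): as written, the PRESENCE of these programs counts as a finding
                // (opposite of the checks above). Confirm against the audit policy.
                if (Ma005Record(item, InstalledSoftware.Where(x => Ma005Has(x, "BACKOFFICE")), "BackOffice"))
                {
                    Count += 1;
                }

                if (Ma005Record(item, InstalledSoftware.Where(x => Ma005Has(x, "MiPlatform")), "송장 출력 프로그램"))
                {
                    Count += 1;
                }
            }
            catch (Exception e)
            {
                // Fail closed: before, an exception left Count at its current value, so a check that
                // broke early was reported as Fulfilled although nothing had been verified.
                Count += 1;
                MessageBox.Show(e.Message);
            }
            finally
            {
                // Process objects hold OS handles; release them once the names have been read.
                if (localAll != null)
                {
                    foreach (Process proc in localAll)
                    {
                        proc.Dispose();
                    }
                }
            }

            item.Status = Count > 0 ? Result.Negative : Result.Fulfilled;
        }

        /// <summary>Appends the DisplayName of every subkey of <paramref name="mainKey"/> (HKLM) that has one.</summary>
        private static void Ma005AddDisplayNames(string mainKey, List<string> target)
        {
            string[] subkeys = GreyWnReg.GetSubKeyNames(mainKey, GreyWnReg.Hive.LocalMachine);
            if (subkeys == null)
            {
                // presumably the key does not exist in this registry view - TODO confirm wrapper behaviour
                return;
            }

            foreach (string key in subkeys)
            {
                string value = GreyWnReg.GetRegistryValue(string.Join("\\", mainKey, key), "DisplayName", GreyWnReg.Hive.LocalMachine);
                if (value != null)
                {
                    target.Add(value);
                }
            }
        }

        /// <summary>Returns the names of the given processes, skipping entries whose name can no longer be read.</summary>
        private static List<string> Ma005ProcessNames(Process[] processes)
        {
            List<string> names = new List<string>();
            foreach (Process proc in processes)
            {
                if (proc == null)
                {
                    continue;
                }

                try
                {
                    names.Add(proc.ProcessName);
                }
                catch (InvalidOperationException)
                {
                    // The process ended between the snapshot and the read; it cannot count as running.
                }
            }
            return names;
        }

        /// <summary>Case-insensitive, culture-independent substring test that tolerates a null text.</summary>
        private static bool Ma005Has(string text, string token)
        {
            return text != null && text.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0;
        }

        /// <summary>
        /// Records each found name as installed, or <paramref name="missingLabel"/> as not installed
        /// when nothing was found. Returns true when at least one name was found.
        /// </summary>
        private static bool Ma005Record(CheckItem item, IEnumerable<string> found, string missingLabel)
        {
            bool any = false;

            // Indexer assignment instead of Add: with Add inside an empty catch, a key left over from
            // an earlier run would presumably make Add throw before the finding was counted, and the
            // re-run would pass. Duplicate names (several processes of one program) are harmless too.
            foreach (string name in found)
            {
                item.Proofs[name] = "설치";
                any = true;
            }

            if (!any)
            {
                item.Proofs[missingLabel] = "미설치";
            }

            return any;
        }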