migrate to git.charlotte.sh

2025-04-19 23:42:08 -04:00 · 2025-04-19 23:42:08 -04:00 · fbd588721e
commit fbd588721e
412 changed files with 13750 additions and 0 deletions
--- a/automation-sys320/week06/Event-Logs.ps1
+++ b/automation-sys320/week06/Event-Logs.ps1
@ -0,0 +1,97 @@
+. (Join-Path $PSScriptRoot String-Helper.ps1)
+. (Join-Path $PSScriptRoot Users.ps1)
+
+<# ******************************
+     Function: get event logs from login and logouts
+     Input: time back to search
+     Output: Array of login/out objects
+****************************** #>
+function getLogInAndOffs($timeBack){
+
+$loginouts = Get-EventLog system -source Microsoft-Windows-Winlogon -After (Get-Date).AddDays("-"+"$timeBack")
+
+$loginoutsTable = @()
+for($i=0; $i -lt $loginouts.Count; $i++){
+
+$type = ""
+if($loginouts[$i].InstanceID -eq 7001) {$type="Logon"}
+if($loginouts[$i].InstanceID -eq 7002) {$type="Logoff"}
+
+
+# Check if user exists first
+$user = (New-Object System.Security.Principal.SecurityIdentifier `
+         $loginouts[$i].ReplacementStrings[1]).Translate([System.Security.Principal.NTAccount])
+
+$loginoutsTable += [pscustomobject]@{"Time" = $loginouts[$i].TimeGenerated; `
+                                       "Id" = $loginouts[$i].InstanceId; `
+                                    "Event" = $type; `
+                                     "User" = $user;
+                                     }
+} # End of for
+
+return $loginoutsTable
+} # End of function getLogInAndOffs
+
+
+
+
+<# ******************************
+     Function: get windows event logs for failed logins
+     Input: time to search back
+     Output: array of failed login objects
+****************************** #>
+function getFailedLogins($timeBack){
+  
+  $failedlogins = Get-EventLog security -After (Get-Date).AddDays("-"+"$timeBack") | Where { $_.InstanceID -eq "4625" }
+
+  $failedloginsTable = @()
+  for($i=0; $i -lt $failedlogins.Count; $i++){
+
+    $account=""
+    $domain="" 
+
+    $usrlines = getMatchingLines $failedlogins[$i].Message "*Account Name*"
+    $usr = $usrlines[1].Split(":")[1].trim()
+
+    $dmnlines = getMatchingLines $failedlogins[$i].Message "*Account Domain*"
+    $dmn = $dmnlines[1].Split(":")[1].trim()
+
+    $user = $dmn+"\"+$usr;
+
+    $failedloginsTable += [pscustomobject]@{"Time" = $failedlogins[$i].TimeGenerated; `
+                                       "Id" = $failedlogins[$i].InstanceId; `
+                                    "Event" = "Failed"; `
+                                     "User" = $user;
+                                     }
+
+    }
+
+    return $failedloginsTable
+} # End of function getFailedLogins
+
+
+
+<# ******************************************************
+   Functions: get at risk users, >10 failed logins in time frame
+   Input: time to search back
+   Output: array of users & numfailedlogin objects
+********************************************************* #>
+function getAtRiskUsers($timeBack){
+        $users = getEnabledUsers
+        $failedLogins = getFailedLogins $timeBack
+
+        $atRiskUsers = @()
+
+        for($i=0; $i -lt $users.Count; $i++){
+            $name = $users[$i].Name  
+            $failCount = ($failedLogins | Where-Object { $_.User -ilike "*$name"} ).Count
+            if($failCount -ge 10){
+                $atRiskUsers += [pscustomobject]@{"User" = $name; `
+                                                  "Failed Logins" = $failCount; }                  
+            }
+
+        }
+
+        return $atRiskUsers
+
+}
--- a/automation-sys320/week06/String-Helper.ps1
+++ b/automation-sys320/week06/String-Helper.ps1
@ -0,0 +1,55 @@
+<# String-Helper
+*************************************************************
+   This script contains functions that help with String/Match/Search
+   operations. 
+************************************************************* 
+#>
+
+
+<# ******************************************************
+   Functions: Get Matching Lines
+   Input:   1) Text with multiple lines  
+            2) Keyword
+   Output:  1) Array of lines that contain the keyword
+********************************************************* #>
+function getMatchingLines($contents, $lookline){
+
+$allines = @()
+$splitted =  $contents.split([Environment]::NewLine)
+
+for($j=0; $j -lt $splitted.Count; $j++){  
+ 
+   if($splitted[$j].Length -gt 0){  
+        if($splitted[$j] -ilike $lookline){ $allines += $splitted[$j] }
+   }
+
+}
+
+return $allines
+}
+
+<# ******************************************************
+   Functions: Checks if password is >6char, includes a digit, and includes a special character
+   Input:   1) Password
+   Output:  1) Boolean if password is valid
+********************************************************* #>
+function checkpassword($passwd){
+    Write-Host $passwd
+    if($passwd.Length -lt 6){
+        Write-Host "failed length test" | Out-String
+        return $false
+    }
+    elseif($passwd -notmatch "[0-9]"){
+        Write-Host "Digit Test" | Out-String
+        return $false
+    }
+    elseif($passwd -notmatch "[!$%^@#&().-]"){
+        Write-Host "special character test" | Out-String
+        return $false
+    }else{
+        Write-Host "here"
+        return $true
+    }
+}
+
+#checkpassword("abcd123!")
--- a/automation-sys320/week06/TurnToMenu.ps1
+++ b/automation-sys320/week06/TurnToMenu.ps1
@ -0,0 +1,67 @@
+. (Join-Path $PSScriptRoot ../week4/ParsingApacheLogs.ps1)
+
+. (Join-Path $PSScriptRoot Users.ps1)
+. (Join-Path $PSScriptRoot Event-Logs.ps1)
+
+clear
+
+$Prompt  = "Please choose your operation:`n"
+$Prompt += "1 - Display last 10 apache logs`n"
+$Prompt += "2 - Display last 10 failed logins (all users)`n"
+$Prompt += "3 - Display At Risk users`n"
+$Prompt += "4 - Start Chrome`n"
+$Prompt += "5 - Exit`n"
+
+
+$operation = $true
+
+while($operation){
+
+    
+    Write-Host $Prompt | Out-String
+    $choice = Read-Host 
+
+
+    if($choice -eq 5){
+        Write-Host "Goodbye" | Out-String
+        exit
+        $operation = $false 
+    }
+
+    #display last 10 apache logs
+    elseif($choice -eq 1){1
+        $apachelogs= ApacheLogs1
+        $apachelogs[-10..-1] | Select IP, Time, Method, Page, Protocol, Response, referrer, Client | Out-String
+    }
+
+    #display last 10 failed logins(all user)
+    elseif($choice -eq 2){
+        $failedlogins = getFailedLogins 90
+        $failedlogins[-10..-1] | Select Time, User | Out-String
+    }
+
+    #display at risk users
+    elseif($choice -eq 3){
+        $timeSince = Read-Host -Prompt "enter number of days to search back"
+        $atRiskUsers = getAtRiskUsers $timeSince
+
+        Write-Host ($atRiskUsers | Format-Table | Out-String)
+    }
+
+    # start chrome, and navigate to champlain.edu - if no instance of chrome is running
+    elseif($choice -eq 4){
+        if(Get-Process -Name chrome -ErrorAction SilentlyContinue){
+            Write-Host "Chrome Already Running."
+        }
+        else{
+            Write-Host "Chrome not running. Starting now"
+            Start-Process 'C:\Program Files\Google\Chrome\Application\chrome.exe' `
+            '--new-window https://champlain.edu'
+        }
+    }
+
+    else{
+        Write-Host "invalid input. 1-5 allowed`n"
+    }
+
+}
--- a/automation-sys320/week06/Users.ps1
+++ b/automation-sys320/week06/Users.ps1
@ -0,0 +1,81 @@
+
+
+<# ******************************
+# Create a function that returns a list of NAMEs AND SIDs only for enabled users
+****************************** #>
+function getEnabledUsers(){
+
+  $enabledUsers = Get-LocalUser | Where-Object { $_.Enabled -ilike "True" } | Select-Object Name, SID
+  return $enabledUsers
+
+}
+
+function checkuser($name){
+    $users = Get-LocalUser | Where-Object { $_.name -ilike $name }
+    if($users.Count -lt 1){ return $false}
+    else { return $true }
+}
+
+#checkuser("champuser2")
+
+<# ******************************
+# Create a function that returns a list of NAMEs AND SIDs only for not enabled users
+****************************** #>
+function getNotEnabledUsers(){
+
+  $notEnabledUsers = Get-LocalUser | Where-Object { $_.Enabled -ilike "False" } | Select-Object Name, SID
+  return $notEnabledUsers
+
+}
+
+
+
+
+<# ******************************
+# Create a function that adds a user
+****************************** #>
+function createAUser($name, $password){
+
+   $params = @{
+     Name = $name
+     Password = $password
+   }
+
+   $newUser = New-LocalUser @params 
+
+
+   # ***** Policies ******
+
+   # User should be forced to change password
+   Set-LocalUser $newUser -PasswordNeverExpires $false
+
+   # First time created users should be disabled
+   Disable-LocalUser $newUser
+
+}
+
+
+
+function removeAUser($name){
+   
+   $userToBeDeleted = Get-LocalUser | Where-Object { $_.name -ilike $name }
+   Remove-LocalUser $userToBeDeleted
+   
+}
+
+
+
+function disableAUser($name){
+   
+   $userToBeDeleted = Get-LocalUser | Where-Object { $_.name -ilike $name }
+   Disable-LocalUser $userToBeDeleted
+   
+}
+
+
+function enableAUser($name){
+   
+   $userToBeEnabled = Get-LocalUser | Where-Object { $_.name -ilike $name }
+   Enable-LocalUser $userToBeEnabled
+   
+}
--- a/automation-sys320/week06/main.ps1
+++ b/automation-sys320/week06/main.ps1
@ -0,0 +1,157 @@
+. (Join-Path $PSScriptRoot Users.ps1)
+. (Join-Path $PSScriptRoot Event-Logs.ps1)
+
+clear
+
+$Prompt  = "Please choose your operation:`n"
+$Prompt += "1 - List Enabled Users`n"
+$Prompt += "2 - List Disabled Users`n"
+$Prompt += "3 - Create a User`n"
+$Prompt += "4 - Remove a User`n"
+$Prompt += "5 - Enable a User`n"
+$Prompt += "6 - Disable a User`n"
+$Prompt += "7 - Get Log-In Logs`n"
+$Prompt += "8 - Get Failed Log-In Logs`n"
+$Prompt += "9 - List at Risk Users`n"
+$Prompt += "0 - Exit`n"
+
+
+
+$operation = $true
+
+while($operation){
+
+    
+    Write-Host $Prompt | Out-String
+    $choice = Read-Host 
+
+    # exit
+    if($choice -eq 0){
+        Write-Host "Goodbye" | Out-String
+        exit
+        $operation = $false 
+    }
+
+    # get enabled users
+    elseif($choice -eq 1){
+        $enabledUsers = getEnabledUsers
+        Write-Host ($enabledUsers | Format-Table | Out-String)
+    }
+
+    #get not enabled users
+    elseif($choice -eq 2){
+        $notEnabledUsers = getNotEnabledUsers
+        Write-Host ($notEnabledUsers | Format-Table | Out-String)
+    }
+
+
+    # Create a user
+    elseif($choice -eq 3){ 
+
+        $name = Read-Host -Prompt "Please enter the username for the new user"
+        
+        $chkuser = checkuser $name
+        if($chkuser -ne $true){  # check if user already exists      
+            $password = Read-Host -AsSecureString -Prompt "Please enter the password for the new user"
+            $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
+            $plainpassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
+            $chkPasswd = checkpassword $plainpassword
+
+            if($chkPasswd -ne $false){ # check if password is valid
+               createAUser $name $password
+               Write-Host "User: $name is created." | Out-String
+            }
+            else{ Write-Host "invalid password" | Out-String }
+       
+        }
+        else { Write-Host "user already exists" | Out-String}
+    }
+
+
+    # Remove a user
+    elseif($choice -eq 4){
+
+        $name = Read-Host -Prompt "Please enter the username for the user to be removed"
+
+        $chkUser = checkuser $name
+        if($chkUser -eq $true){# check if user already exists
+            removeAUser $name
+            Write-Host "User: $name Removed." | Out-String
+        }
+        else { Write-Host "user does not exist" | Out-String }
+    }
+
+
+    # Enable a user
+    elseif($choice -eq 5){
+
+
+        $name = Read-Host -Prompt "Please enter the username for the user to be enabled"
+
+        $chkUser = checkuser $name
+        
+        if($chkUser -eq $true){ # check if user already exists
+            enableAUser $name
+            Write-Host "User: $name Enabled." | Out-String
+        }
+        else { Write-Host "user does not exist" | Out-String }
+
+    }
+
+
+    # Disable a user
+    elseif($choice -eq 6){
+
+        $name = Read-Host -Prompt "Please enter the username for the user to be disabled"
+
+        $chkUser = checkuser $name
+        if($chkUser -eq $true){ # check if user already exists
+            disableAUser $name
+            Write-Host "User: $name Disabled." | Out-String
+        }
+        else{ Write-Host "user does not exist" | Out-String }
+    }
+
+    # get login logs
+    elseif($choice -eq 7){
+
+        $name = Read-Host -Prompt "Please enter the username for the user logs"
+
+        $chkUser = checkuser $name
+        if($chkUser -eq $true){ # check if user already exists
+
+            $timeSince = Read-Host -Prompt "enter number of days to search back"
+            $userLogins = getLogInAndOffs $timeSince
+
+            Write-Host ($userLogins | Where-Object { $_.User -ilike "*$name"} | Format-Table | Out-String)
+        }
+        else { Write-Host "user does not exist" | Out-String }
+    }
+
+    # get failed login logs
+    elseif($choice -eq 8){
+
+        $name = Read-Host -Prompt "Please enter the username for the user's failed login logs"
+        
+        $chkUser = checkuser $name
+        if($chkUser -eq $true){ # check if user already exists
+            $timeSince = Read-Host -Prompt "enter number of days to search back"
+            $userLogins = getFailedLogins $timeSince
+     
+           Write-Host ($userLogins | Where-Object { $_.User -ilike "*$name"} | Format-Table | Out-String)
+        }
+        else { Write-Host "user does not exist" | Out-String }
+    }
+
+    # get at risk users, >10 failed logins in time frame
+    elseif($choice -eq 9){
+        $timeSince = Read-Host -Prompt "enter number of days to search back"
+        $atRiskUsers = getAtRiskUsers $timeSince
+        Write-Host ($atRiskUsers | Format-Table | Out-String)
+    }
+
+
+    else{
+        Write-Host "invalid input: 0-9 allowed`n" | Out-String
+    }
+