THIS DOCUMENTATION IS OUT OF DATE!

The current documentation is available at:
- SecuLution 2.x documentation as a Google Docs document (recommended)
- SecuLution 2.x documentation as an HTML file

The current FAQ on SecuLution Application Whitelisting is available at:
- SecuLution 2.x FAQ as a Google Docs document (recommended)
- SecuLution 2.x FAQ as a single HTML file

The following documentation describes the product SecuLution Application Whitelisting in versions 1.x, which is no longer current. SecuLution Application Whitelisting has been available in version 2.x since April 2018. Support for SecuLution 1.x was discontinued in October 2019.

Automating tasks

Preparation in the AdminWizard for using scripting

Preparations on the WSUS server

Creating and adapting nachts.bat

Most tasks that you perform manually in the AdminWizard GUI can be automated in scripts. A detailed description of how the AdminWizard's command-line arguments can be used in a script can be found in the file "example-script.bat" in the AdminWizard folder.

To prepare "nachts.bat":

Setup via the Task Scheduler

Moving the WSUS server

If the WSUS server is moved, we recommend also porting the AdminWizard to the new WSUS server promptly. Also note that updates stored on the WSUS server on the day of the move may, under certain circumstances, not be added to SecuLution's database. Further notes on this can be found here.

Example-Script.bat, from the AdminWizard installation directory:
rem ############################################################
rem Example script to run the SecuLution-AdminWizard in batch mode
rem ############################################################
rem IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT
rem IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT
rem IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT IMPORTANT
rem Some features require configuration which are made in the
rem SecuLution AdminWizard running in GUI mode! !!!READ THIS!!!
rem ##### THIS FILE WILL BE OVERWRITTEN ########################
rem Please copy this file to a new name since this example
rem script will be overwritten with new updates. Then
rem edit the new file and configure the options as desired!
rem ##### LOGIN PASSWORD REQUIRED ##############################
rem The AdminWizard needs a password to login to the SecuLution
rem appliance. To store the password encrypted in the registry
rem start the AdminWizard into GUI mode, login, select menu
rem Extra/Scripting/store password in registry
rem ##### LDAP ROOT REQUIRED ###################################
rem In order to replicate objects from your ActiveDirectory the
rem AdminWizard needs to know the LDAP root to use. This will be
rem configured upon first start of the replication process in
rem GUI mode. Start the AdminWizard and select the menu
rem Extra/Directories/MS-Active-Directory/update now
rem ############################################################
rem #### END OF IMPORTANT REQUIREMENTS #########################
rem ############################################################

rem ############################################################
rem #### VARIABLES #########################
rem ############################################################
rem if %logfile% is not defined, no logs will be written
rem set logfile=D:\Logs\SecuLution-Script-logfile.txt
rem usage of a sample computer is recommended
rem set masterimage=nameofsamplecomputer
rem Convert German date notation dd.mm.yyyy to ISO date yyyy-mm-dd
for /f "delims=. tokens=1,2,3" %%a in ('echo %date%') do set isodate=%%c-%%b-%%a
rem ############################################################
rem #### END OF VARIABLES #########################
rem ############################################################

rem ############################################################
rem Recommended configuration
rem remove "rem" from all required "call" and "start" lines
rem ############################################################
rem first make sure to change the active directory to the AdminWizard installation directory
rem cd to drive (usually c:) %~d0
%~d0
rem cd to path (usually C:\Program Files (x86)\SecuLution\SecuSurf-Admin-Wizard) %~dp0
cd %~dp0

rem make sure no remaining instance is running
rem recommended without modification
rem call:messageoutput "terminate"
rem start /w SecuSurfAdminWizard.exe -terminate
rem call:Errorreporting %ERRORLEVEL%

rem save and create backup of SecuLution database
rem recommended, configure path
rem call:messageoutput "exportruleset"
rem start /w SecuSurfAdminWizard.exe -exportruleset d:\SecuLution\backups\%isodate%.ssf
rem call:Errorreporting %ERRORLEVEL%

rem delete unneeded WSUS entries to keep ruleset small
rem recommended without modification
rem call:messageoutput "deleteoldwsusentries"
rem start /w SecuSurfAdminWizard.exe -deleteoldwsusentries 60
rem call:Errorreporting %ERRORLEVEL%

rem delete orphaned entries to keep ruleset small
rem recommended without modification
rem call:messageoutput "deleteoldentries"
rem start /w SecuSurfAdminWizard.exe -deleteoldentries 180
rem call:Errorreporting %ERRORLEVEL%

rem import new files from trusted path (if applicable)
rem see details below, configure path
rem call:messageoutput "importdir"
rem start /w SecuSurfAdminWizard.exe -importdir "\\%masterimage%\c$\" "scriptmode;-importdir;%masterimage%;%isodate%"
rem call:Errorreporting %ERRORLEVEL%

rem import new WSUS entries
rem see details below, configure path
rem call:messageoutput "wsus"
rem start /w SecuSurfAdminWizard.exe -wsus d:\wsus\wsuscontent\
rem call:Errorreporting %ERRORLEVEL%

rem import ActiveDirectory objects Groups, Computers and Users
rem recommended without modification
rem call:messageoutput "updatead"
rem start /w SecuSurfAdminWizard.exe -updatead
rem call:Errorreporting %ERRORLEVEL%
rem ############################################################
rem END OF Recommended configuration
rem ############################################################

rem ############################################################
rem Detailed information about the different command lines follow
rem ############################################################

rem ############################################################
rem ##################### no password ##########################
rem ############################################################
rem When the AdminWizard is prepared to be started in script
rem mode, the login password is being stored in the registry as
rem explained above. You can create a shortcut to start the
rem AdminWizard without prompting for a login password.
rem ############################################################
rem SecuSurfAdminWizard.exe -dontaskforpassword

rem ############################################################
rem ##################### TERMINATE ############################
rem ############################################################
rem Only one instance of SecuSurfAdminWizard may run at a time
rem on one computer. In case an earlier instance did not
rem terminate properly, all running instances can be closed
rem using the -terminate switch.
rem ############################################################
rem start /w SecuSurfAdminWizard.exe -terminate
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -terminate

rem ############################################################
rem ##################### IMPORT ONE FILE ######################
rem ############################################################
rem Import ONE new program into SecuSurfs database, no matter
rem if this program is new or not. The file will not be expanded
rem (unpacked).
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -import z:\Software\New-Version.exe

rem ############################################################
rem ##################### IMPORT RECURSIVE #####################
rem ############################################################
rem Import all programs from the given directory and all sub-
rem directories into SecuSurfs database. The only difference to
rem the -import command is that this command does not import
rem ONE program, but ANY program from the given directory and
rem all subdirectories.
rem
rem Note:
rem This command imports all programs WITHOUT expanding packed
rem programs and regardless if the program may already have been
rem previously imported.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importdir z:\Software\

rem ############################################################
rem ################# IMPORT RECURSIVE AND EXPAND ##############
rem ############################################################
rem This command imports the contents of any directory and all
rem subdirectories, unpacks (expands) any file which has been
rem compressed with commonly used packing algorithms and import
rem the content of the file. Recursive depth is 5.
rem
rem Note:
rem This command will regard any file as new if the fileNAME has
rem been changed since the last time the command was used on the
rem same directory or if the filename has never been found in
rem that directory before. Files which have been replaced by a
rem new version but still have the same name will NOT be imported.
rem
rem Note:
rem The host on which the Admin-Wizard is being started with
rem the -importexpand switch should _NOT_ have the SecuLution-Agent
rem running because extracting files may require starting them,
rem which will be blocked for new patches if the agent is running!
rem
rem Note:
rem During the very first run of this program no files are added
rem to SecuSurfs database. Any further execution of this command
rem will import all files that have been added since the last time
rem the command was run.
rem
rem Note:
rem Supports unpacking CAB, EXE, ZIP, RAR, MSI and many more
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importexpand d:\deployment\content\

rem ############################################################
rem ##### IMPORT and EXPAND (unpack) ONE FILE (recursive) ######
rem ############################################################
rem This command will import one file, unpack (expand) it (if
rem compressed with commonly used packing algorithms) and import
rem the content of the file. Recursive depth is 5.
rem
rem Note:
rem This command will process any given file even if it was imported
rem before.
rem
rem Note:
rem The host on which the Admin-Wizard is being started with
rem the -importexpand switch should _NOT_ have the SecuLution-Agent
rem running because extracting files may require starting them,
rem which will be blocked for new patches if the agent is running!
rem
rem Note:
rem Supports unpacking CAB, EXE, ZIP, RAR, MSI and many more
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importexpandfile y:\download\setup.exe

rem ############################################################
rem ##### IMPORT ONE FILE ######
rem ############################################################
rem This command will import one file.
rem
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importfile y:\download\program.exe

rem ############################################################
rem ############ IMPORT and EXPAND all NEW files ###############
rem ############################################################
rem Periodically import the contents of a Software-Distribution
rem directory which contains trusted software into SecuSurfs
rem database. Start this whenever new software was stored.
rem The command will look for changed files since the last run
rem of this command on the same directory. The detection
rem is based on the "Last Changed" date of the file.
rem
rem Note:
rem The command does NOT look for file NAMES and will re-
rem import a file with the same name if the contents of
rem the file have changed.
rem
rem Note:
rem During the very first run of this program no files are added
rem to SecuSurfs database. Any further execution of this command
rem will import all files that have changed since the last time
rem the command was run.
rem
rem Note:
rem Do not use this command to import WSUS updates since the
rem WSUS cleanup wizard will touch all files and therefore mark
rem them as NEW.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importifchanged y:\SoftwareDistributionPath

rem ############################################################
rem ##################### IMPORT WSUS ##########################
rem ############################################################
rem Periodically import the contents of the WsusContent Directory
rem or any other directory which contains trusted software
rem into SecuSurfs database. Start this command 30 minutes after
rem your WSUS server has downloaded the latest patches from
rem Microsoft. The command will look for unknown files, extract
rem them and import them into SecuSurfs database.
rem
rem Because unpacking hotfix files for XP and Windows 2003 may
rem require the execution of these files, it is recommended to
rem run this script as administrator with high privileges and
rem UAC turned off.
rem
rem Note:
rem The command looks for unknown file NAMES and will not re-
rem import a file with the same name even if the contents of
rem the file have changed.
rem
rem Note:
rem The host on which the Admin-Wizard is being started with
rem the -wsus switch should _NOT_ have the SecuLution-Agent
rem running because extracting files requires starting them,
rem which will be blocked for new patches if the agent is running!
rem
rem Note:
rem If your WSUS Server will provide patches for Windows Vista
rem or later versions while your WSUS Server runs on Win2k3, you
rem will need a new version of EXPAND. See this link
rem http://technet.microsoft.com/en-us/library/cc722332(v=ws.10).aspx
rem You may also run the command on an OS which includes a version
rem of expand.exe which is capable of IDC like Windows Vista and
rem later versions.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -wsus d:\wsus\wsuscontent\

rem ############################################################
rem ##################### RELOAD AD OBJECTS ####################
rem ############################################################
rem Update all users, groups and computers from the ActiveDirectory
rem into SecuLution database.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -updatead

rem ############################################################
rem ################## DELETE OLD ENTRIES ######################
rem ############################################################
rem Removes entries from SecuSurfs database that have not been
rem used for x days.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -deleteoldentries 180

rem ############################################################
rem ################ DELETE OLD WSUS ENTRIES ###################
rem ############################################################
rem Removes WSUS entries from SecuSurfs database that have not
rem been used for x days by any client.
rem Depending on the configuration of the WSUS server, WSUS can
rem import more than 100 new signatures every day. All these
rem signatures can be safely deleted from the database after
rem they have not been used by any client for 60 days to avoid
rem an infinite increase of SecuSurfs database.
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -deleteoldwsusentries 60

rem ############################################################
rem ####################### BACKUP ############################
rem ############################################################
rem Export RuleSet and AD_config for backup purposes
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -exportruleset d:\backups\SecuLution-Backup-%DATE%.ssf

rem ############################################################
rem ####################### RESTORE ###########################
rem ############################################################
rem Import RuleSet and AD_config from backup
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -importruleset d:\backups\filename.ssf

rem ############################################################
rem ################## CHALLENGE RESPONSE ######################
rem ############################################################
rem start the challenge-response dialogue while server is down
rem ############################################################
rem
rem example:
rem start /w SecuSurfAdminWizard.exe -challengeresponse

rem ############################################################
rem ##################### LEARN MODES ##########################
rem ############################################################
rem set learnmode on from command line
rem ############################################################
rem
rem start /w SecuSurfAdminWizard.exe -addlearnmode 0.0.0.0/0 0.0.0.0/0 60
rem this will add a new learnmode, learning from all IPs, rules
rem are valid for all IPs, learnmode will be on for 60 seconds
rem
rem will work with AD objects, too: $=user, /=host, &=group
rem
rem start /w SecuSurfAdminWizard.exe -addlearnmode /host2 0.0.0.0/0 600
rem will add a new learnmode that learn from the computer with
rem the name host2 for 10 minutes.
rem
rem start /w SecuSurfAdminWizard.exe -addlearnmode 0.0.0.0/0 0.0.0.0/0 0
rem this will set a learnmode to off
rem ############################################################
rem
rem example: See description

rem ############################################################
rem ##################### Debugging ###########################
rem ############################################################
rem turn Debug Mode on and off from command line
rem ############################################################
rem
rem start /w SecuSurfAdminWizard.exe -turndebugmodeon
rem This will turn on debugging, a debug.txt file will be written
rem to the users temp directory.
rem
rem start /w SecuSurfAdminWizard.exe -turndebugmodeoff
rem This will turn off debugging.
rem ############################################################
rem
rem example: See description

rem ############################################################
rem ######################### REBOOT ###########################
rem ############################################################
rem reboot the SecuLution Server
rem ############################################################
rem
rem example
rem start /w SecuSurfAdminWizard.exe -rebootserver

rem ############################################################
rem Description of exit codes follows.
rem ############################################################
echo.&goto:eof

:messageoutput
if DEFINED logfile echo. %isodate% - %time%: %~1>>%logfile%
echo. %~1
goto:eof

:Errorreporting
if %~1 EQU 0 call:messageoutput "Command completed successfully."
if %~1 EQU 1 call:messageoutput "Command NOT completed successfully."
if %~1 EQU 101 call:messageoutput "Error accessing the registry. Does the user have enough rights? Is the password stored in the registry?"
if %~1 EQU 109 call:messageoutput "The password in the registry seems to be wrong."
if %~1 EQU 111 call:messageoutput "Another instance of the AdminWizard is already running. Please use that instance instead."
if %~1 EQU 112 call:messageoutput "Could not get challenge information from registry. Please use AdminWizard installation that had a valid connection to the server before."
if %~1 EQU 116 call:messageoutput "Server VM license not activated. Scriptmode aborted."
if %~1 EQU 125 call:messageoutput "Not all servers available. To avoid inconsistencies, the command has been aborted."
if %~1 EQU 131 call:messageoutput "The server is in learn mode. The command has been aborted."
if %~1 EQU 163 call:messageoutput "An error has occurred while generating a new whitelist."
if %~1 EQU 191 call:messageoutput "Server error: Server does not accept new whitelists."
if %~1 EQU 194 call:messageoutput "The server did not accept the new whitelist. There is probably an inconsistency in the whitelist."
if %~1 EQU 195 call:messageoutput "The whitelist has been activated, but at least one server did not get it. This may result in an inconsistency of the servers databases."
if %~1 EQU 501 call:messageoutput "Unknown command line argument."
if %~1 EQU 512 call:messageoutput "File not found."
if %~1 EQU 513 call:messageoutput "File exists. Will not override."
if %~1 EQU 523 call:messageoutput "Directory not found."
if %~1 EQU 551 call:messageoutput "Active directory update error. Does the user have enough rights to access the AD?"
if %~1 EQU 751 call:messageoutput "The ruleset has changed on the server while the AdminWizard was processing this command."
goto:eof
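
The Errorreporting routine in Example-Script.bat only logs each exit code and lets the next step run. The following added example (not part of SecuLution's script) is a nachts.bat that runs the recommended steps in the same order but stops at the first non-zero exit code, so the two cleanup steps never run without a fresh backup and the scheduled task ends with the failing code. The paths, the log file name and the choice to treat every step after -terminate as fatal are assumptions.

```batch
@echo off
setlocal EnableExtensions
rem Added example (not SecuLution's script): nightly run that stops at the
rem first failed step. All paths below are assumed values without spaces,
rem except the installation directory named in Example-Script.bat.
set "wizard=C:\Program Files (x86)\SecuLution\SecuSurf-Admin-Wizard"
set "backupdir=D:\SecuLution\backups"
set "wsuscontent=D:\wsus\wsuscontent"
set "logfile=D:\Logs\nachts.log"

rem German date dd.mm.yyyy to yyyy-mm-dd, same conversion as Example-Script.bat
for /f "delims=. tokens=1,2,3" %%a in ('echo %date%') do set "isodate=%%c-%%b-%%a"

rem rc is the exit code handed to the Task Scheduler if the run aborts
set "rc=1"
cd /d "%wizard%" || goto :abort

rem Close a leftover instance; its result is logged but not treated as fatal
call :run -terminate

rem Backup first: without a fresh export, neither cleanup step may run
call :run -exportruleset %backupdir%\%isodate%.ssf || goto :abort
call :run -deleteoldwsusentries 60 || goto :abort
call :run -deleteoldentries 180 || goto :abort
call :run -wsus %wsuscontent%\ || goto :abort
call :run -updatead || goto :abort

>>"%logfile%" echo %date% %time% nightly run completed
exit /b 0

:abort
>>"%logfile%" echo %date% %time% ABORTED with exit code %rc%, remaining steps skipped
exit /b %rc%

:run
rem Run one AdminWizard command, log its exit code and return it to the caller
start "" /w SecuSurfAdminWizard.exe %*
set "rc=%ERRORLEVEL%"
>>"%logfile%" echo %date% %time% exit code %rc%: %*
exit /b %rc%
```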