Skip rules for unsupported platform

SecureAuditor.ps1

@@ -27,17 +27,23 @@ $config = Get-IniContent -file ([IO.Path]::Combine($PSScriptRoot, 'SecureAuditor
 
 # System Information
 Write-Output "## $($i18n.SystemInfo)`n"
-$props = $config.ComputerInfo.Properties -split ',\s*'
-$info = Get-ComputerInfo -Property $props
-foreach ($prop in $props) {
-    if ($prop -eq 'OsHotFixes' -and $info.OsHotFixes.Count -gt 0) {
-        Write-Output "- OsHotFixes:"
-        foreach ($hotFix in $info.OsHotFixes) {
-            Write-Output "  - $($hotFix.HotFixID): $($hotFix.InstalledOn) $($hotFix.Description)"
+
+if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+    Write-Output "- $(& uname -a)"
+}
+else {
+    $props = $config.ComputerInfo.Properties -split ',\s*'
+    $info = Get-ComputerInfo -Property $props
+    foreach ($prop in $props) {
+        if ($prop -eq 'OsHotFixes' -and $info.OsHotFixes.Count -gt 0) {
+            Write-Output "- OsHotFixes:"
+            foreach ($hotFix in $info.OsHotFixes) {
+                Write-Output "  - $($hotFix.HotFixID): $($hotFix.InstalledOn) $($hotFix.Description)"
+            }
+            continue;
         }
-        continue;
+        Write-Output "- $($prop): $($info.$prop)"
     }
-    Write-Output "- $($prop): $($info.$prop)"
 }
 
 # Test Rules

SecureAuditor.psd1

@@ -63,7 +63,7 @@
     # NestedModules = @()
 
     # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-    FunctionsToExport      = @('Get-IniContent', 'IsLocalAdministrator', 'Write-CheckList', 'Write-RequireAdministrator')
+    FunctionsToExport      = @('Get-IniContent', 'IsLocalAdministrator', 'Write-CheckList', 'Write-RequireAdministrator', 'Write-UnsupportedPlatform')
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
     CmdletsToExport        = @()

SecureAuditor.psm1

@@ -1,8 +1,9 @@
 $i18n = Data {
     # culture="en-US"
     ConvertFrom-StringData @'
-	RequireAdministrator = Require Administrator
-	SkipRule = Skip rule
+    RequireAdministrator = Require Administrator
+    SkipRule = Skip rule
+    UnsupportedPlatform = Unsupported Platform
 '@
 }
 
@@ -49,6 +50,10 @@ function Write-RequireAdministrator($ruleName) {
     Write-Host "`n> $($i18n.SkipRule): $($ruleName) ($($i18n.RequireAdministrator)) ..."
 }
 
+function Write-UnsupportedPlatform($ruleName) {
+    Write-Host "`n> $($i18n.SkipRule): $($ruleName) ($($i18n.UnsupportedPlatform)) ..."
+}
+
 function Write-CheckList([bool]$pass, [string]$item) {
     Write-Output "- [$(if($pass) {'x'} else {' '})] $($item)"
 }

rules/Antivirus.psm1

@@ -12,6 +12,11 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     $osInfo = Get-CimInstance -ClassName Win32_OperatingSystem
     if ($osInfo.ProductType -ne 1) {
         # Windows Server

rules/DefaultAccount.psm1

@@ -12,6 +12,11 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     Write-Output "`n## $($i18n.DefaultAccount)`n"
     $userNames = $config.DefaultAccount.LocalUserNames -split ',\s*'
     foreach ($userName in $userNames) {

rules/DiskSpace.psm1

@@ -13,6 +13,11 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     Write-Output "`n## $($i18n.DiskSpace)`n"
     # https://learn.microsoft.com/windows/win32/cimwin32prov/win32-logicaldisk
     $logicalDisks = Get-CimInstance -Query "SELECT * FROM Win32_LogicalDisk Where Size > 0"

rules/EventLogs.psm1

@@ -16,16 +16,20 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     if (-not (IsLocalAdministrator)) {
-        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
         Write-RequireAdministrator($ruleName)
         return
     }
     $logNames = $config.EventLogs.LogNames -split ',\s*'
     $levels = $config.EventLogs.Levels -split ',\s*' | ForEach-Object { [int]::Parse($_) }
     $days = [int]::Parse($config.EventLogs.Days) * -1
     # https://learn.microsoft.com/powershell/scripting/samples/creating-get-winevent-queries-with-filterhashtable
-    $events = Get-WinEvent -FilterHashtable @{ 
+    $events = Get-WinEvent -FilterHashtable @{
         LogName   = $logNames
         Level     = $levels
         StartTime = (Get-Date).AddDays($days)

rules/IdleAccount.psm1

@@ -11,6 +11,11 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     $days = [int]::Parse($config.IdleAccount.Days) * -1
     $idleCheckpoint = (get-date).AddDays($days)
     # https://learn.microsoft.com/powershell/module/microsoft.powershell.localaccounts/get-localuser

rules/Login.psm1

@@ -13,14 +13,18 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     if (-not (IsLocalAdministrator)) {
-        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
         Write-RequireAdministrator($ruleName)
         return
     }
     $days = [int]::Parse($config.Login.Days) * -1
     # https://learn.microsoft.com/windows/security/threat-protection/auditing/basic-audit-logon-events
-    $events = Get-WinEvent -FilterHashtable @{ 
+    $events = Get-WinEvent -FilterHashtable @{
         LogName   = 'Security'
         Id        = 4624, 4625
         StartTime = (Get-Date).AddDays($days)

rules/NetworkTimeSync.psm1

@@ -11,6 +11,11 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     Write-Output "`n## $($i18n.NetworkTimeSync)`n"
     # https://learn.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings
     $pinfo = New-Object System.Diagnostics.ProcessStartInfo

rules/PasswordExpires.psm1

@@ -11,6 +11,11 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     # https://learn.microsoft.com/powershell/module/microsoft.powershell.localaccounts/get-localuser
     $users = Get-LocalUser | Where-Object { $_.Enabled -and $null -eq $_.PasswordExpires }
     $exclude = $config.PasswordExpires.Exclude;

rules/PasswordPolicy.psm1

@@ -14,8 +14,12 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     if (-not (IsLocalAdministrator)) {
-        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
         Write-RequireAdministrator($ruleName)
         return
     }

rules/PendingUpdates.psm1

@@ -11,6 +11,11 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     $updateSession = New-Object -ComObject Microsoft.Update.Session
     $updateSession.ClientApplicationID = 'Windows Secure Auditor'
     $updateSearcher = $updateSession.CreateUpdateSearcher()

rules/Shutdown.psm1

@@ -10,15 +10,19 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     if (-not (IsLocalAdministrator)) {
-        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
         Write-RequireAdministrator($ruleName)
         return
     }
     $days = [int]::Parse($config.Shutdown.Days) * -1
     $maxEvents = [int]::Parse($config.Shutdown.MaxEvents)
     # https://learn.microsoft.com/powershell/scripting/samples/creating-get-winevent-queries-with-filterhashtable
-    $events = Get-WinEvent -FilterHashtable @{ 
+    $events = Get-WinEvent -FilterHashtable @{
         LogName   = 'System'
         Id        = 41, 1074, 1076, 6008
         StartTime = (get-date).AddDays($days)

rules/SoftwareInstallation.psm1

@@ -10,15 +10,19 @@ if ($PSUICulture -ne 'en-US') {
 }
 
 function Test($config) {
+    $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
     if (-not (IsLocalAdministrator)) {
-        $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
         Write-RequireAdministrator($ruleName)
         return
     }
     $days = [int]::Parse($config.SoftwareInstallation.Days) * -1
     $maxEvents = [int]::Parse($config.SoftwareInstallation.MaxEvents)
     # https://learn.microsoft.com/powershell/scripting/samples/creating-get-winevent-queries-with-filterhashtable
-    $events = Get-WinEvent -FilterHashtable @{ 
+    $events = Get-WinEvent -FilterHashtable @{
         LogName   = 'Application'
         Id        = 11707, 11724
         StartTime = (get-date).AddDays($days)

rules/UserAccountManagement.psm1

@@ -1,43 +1,47 @@
 $i18n = Data {
-	# culture="en-US"
-	ConvertFrom-StringData @'
+    # culture="en-US"
+    ConvertFrom-StringData @'
 	Create = create
 	Delete = delete
     UserAccountManagement = User Account Management
 '@
 }
 
 if ($PSUICulture -ne 'en-US') {
-	Import-LocalizedData -BindingVariable i18n
+    Import-LocalizedData -BindingVariable i18n
 }
 
 function Test($config) {
-	if (-not (IsLocalAdministrator)) {
-		$ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
-		Write-RequireAdministrator($ruleName)
-		return
-	}
-	$days = [int]::Parse($config.UserAccountManagement.Days) * -1
-	# https://learn.microsoft.com/powershell/scripting/samples/creating-get-winevent-queries-with-filterhashtable
-	$events = Get-WinEvent -FilterHashtable @{ 
-		LogName   = 'Security'
-		Id        = 4720, 4726
-		StartTime = (get-date).AddDays($days)
-	} -ErrorAction SilentlyContinue
-	if ($events.Count -eq 0) {
-		return
-	}
-	Write-Output "`n## $($i18n.UserAccountManagement)`n"
-	foreach ($event in $events) {
-		$username = $event.Properties[0].Value
-		$actor = $event.Properties[4].Value
-		# https://learn.microsoft.com/windows/security/threat-protection/auditing/event-4720
-		if ($event.Id -eq 4720) {
-			Write-Output ("- {0:yyyy-MM-dd'T'HH:mm:ssK} | ``$($actor)`` $($i18n.Create) ``$($username)``" -f $event.TimeCreated)
-		}
-		# https://learn.microsoft.com/windows/security/threat-protection/auditing/event-4726
-		elseif ($event.Id -eq 4726) {
-			Write-Output ("- {0:yyyy-MM-dd'T'HH:mm:ssK} | ``$($actor)`` $($i18n.Delete) ``$($username)``" -f $event.TimeCreated)
-		}
-	}
+    $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath)
+    if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') {
+        Write-UnsupportedPlatform($ruleName)
+        return
+    }
+    if (-not (IsLocalAdministrator)) {
+        Write-RequireAdministrator($ruleName)
+        return
+    }
+    $days = [int]::Parse($config.UserAccountManagement.Days) * -1
+    # https://learn.microsoft.com/powershell/scripting/samples/creating-get-winevent-queries-with-filterhashtable
+    $events = Get-WinEvent -FilterHashtable @{
+        LogName   = 'Security'
+        Id        = 4720, 4726
+        StartTime = (get-date).AddDays($days)
+    } -ErrorAction SilentlyContinue
+    if ($events.Count -eq 0) {
+        return
+    }
+    Write-Output "`n## $($i18n.UserAccountManagement)`n"
+    foreach ($event in $events) {
+        $username = $event.Properties[0].Value
+        $actor = $event.Properties[4].Value
+        # https://learn.microsoft.com/windows/security/threat-protection/auditing/event-4720
+        if ($event.Id -eq 4720) {
+            Write-Output ("- {0:yyyy-MM-dd'T'HH:mm:ssK} | ``$($actor)`` $($i18n.Create) ``$($username)``" -f $event.TimeCreated)
+        }
+        # https://learn.microsoft.com/windows/security/threat-protection/auditing/event-4726
+        elseif ($event.Id -eq 4726) {
+            Write-Output ("- {0:yyyy-MM-dd'T'HH:mm:ssK} | ``$($actor)`` $($i18n.Delete) ``$($username)``" -f $event.TimeCreated)
+        }
+    }
 }

zh-TW/SecureAuditor.psd1

@@ -1,7 +1,8 @@
 # culture="zh-TW"
 ConvertFrom-StringData -StringData @'
+Error = 錯誤
 RequireAdministrator = 需要管理者權限
 SkipRule = 略過規則
 SystemInfo = 系統資訊
-Error = 錯誤
+UnsupportedPlatform = 不支援的作業系統
 '@