diff --git a/README.md b/README.md index e22b01f..7e11b7a 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ git pull Sample output ````markdown -# Windows Secure Auditor: 0.12.9 +# Windows Secure Auditor: 0.13.0 ## System Information @@ -91,7 +91,8 @@ Sample output ## Network Time Sync -- [x] Windows Time Service Started +- [x] Windows Time service started +- [x] NTP source: time.windows.com ```log Leap Indicator: 0(no warning) diff --git a/README.zh-TW.md b/README.zh-TW.md index c83bab7..da0adcd 100644 --- a/README.zh-TW.md +++ b/README.zh-TW.md @@ -51,7 +51,7 @@ git pull 範例輸出 ````markdown -# Windows Secure Auditor: 0.12.9 +# Windows Secure Auditor: 0.13.0 ## 系統資訊 @@ -91,7 +91,8 @@ git pull ## 網路校時 -- [x] Windows 時間同步服務已啟動 +- [x] 網路校時服務已啟動 +- [x] 校時來源: time.windows.com ```log 躍進式指示器: 0(沒有警告) @@ -168,9 +169,9 @@ An TLS 1.2 connection request was received from a remote client application, but - 2023-01-03T08:30:00+08:00 | 系統已重新開機,但未先正常關機。若系統停止回應、當機或電力意外中斷,就可能會造成此錯誤。 - 2023-01-03T23:00:00+08:00 | 處理程序 C:\Windows\system32\svchost.exe (DEMO)已代表使用者 NT AUTHORITY\SYSTEM 啟動電腦 DEMO 的電源關閉,原因如下: 作業系統: Service Pack (計劃之中) - 理由代碼: 0x80020010 - 關機類型: 重新啟動 - 註解: + 理由代碼: 0x80020010 + 關機類型: 重新啟動 + 註解: ## 軟體安裝 diff --git a/SecureAuditor.psd1 b/SecureAuditor.psd1 index ca644c5..11a0702 100644 --- a/SecureAuditor.psd1 +++ b/SecureAuditor.psd1 @@ -6,7 +6,7 @@ # RootModule = '' # Version number of this module. - ModuleVersion = '0.12.9' + ModuleVersion = '0.13.0' # Supported PSEditions # CompatiblePSEditions = @() diff --git a/rules/NTP.psm1 b/rules/NTP.psm1 index 0cda4b0..963a862 100644 --- a/rules/NTP.psm1 +++ b/rules/NTP.psm1 @@ -2,7 +2,8 @@ # culture="en-US" ConvertFrom-StringData @' NTP = Network Time Protocol - WindowsTimeServiceStarted = Windows Time Service Started + NtpSource = NTP source + ServiceStarted = Windows Time service started '@ } @@ -11,24 +12,25 @@ if ($PSUICulture -ne 'en-US') { } function Test($config) { + $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath) if ($PSVersionTable.PSEdition -eq 'Core' -and $PSVersionTable.Platform -ne 'Win32NT') { - $ruleName = [System.IO.Path]::GetFileNameWithoutExtension($PSCommandPath) Write-UnsupportedPlatform($ruleName) return } + if (-not (IsLocalAdministrator)) { + Write-RequireAdministrator($ruleName) + return + } Write-Output "`n## $($i18n.NTP)`n" # https://learn.microsoft.com/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings - $pinfo = New-Object System.Diagnostics.ProcessStartInfo - $pinfo.FileName = "w32tm" - $pinfo.Arguments = "/query /status" - $pinfo.RedirectStandardError = $true - $pinfo.RedirectStandardOutput = $true - $pinfo.UseShellExecute = $false - $p = New-Object System.Diagnostics.Process - $p.StartInfo = $pinfo - $p.Start() | Out-Null - $p.WaitForExit() - $output = $p.StandardOutput.ReadToEnd().Trim() - Write-CheckList ($p.ExitCode -eq 0) "$($i18n.WindowsTimeServiceStarted)" - Write-Output "`n``````log`n$($output)`n``````" + $service = Get-Service -Name w32time -ErrorAction SilentlyContinue + Write-CheckList ($service.Status -eq 'Running') "$($i18n.ServiceStarted)" + if ($service.Status -ne 'Running') { + Write-CheckList $false "$($i18n.NtpSource)" + return + } + $source = (& w32tm /query /source | Out-String).Trim() + Write-CheckList ($source -inotmatch '(Free-running System Clock|Local CMOS Clock)') "$($i18n.NtpSource): $($source)" + $status = (& w32tm /query /status | Out-String).Trim() + Write-Output "`n``````log`n$($status)`n``````" } diff --git a/rules/zh-TW/NTP.psd1 b/rules/zh-TW/NTP.psd1 index bb49c7f..d46597c 100644 --- a/rules/zh-TW/NTP.psd1 +++ b/rules/zh-TW/NTP.psd1 @@ -1,5 +1,6 @@ # culture="zh-TW" ConvertFrom-StringData -StringData @' NTP = 網路校時 -WindowsTimeServiceStarted = Windows 時間同步服務已啟動 +NtpSource = 校時來源 +ServiceStarted = 網路校時服務已啟動 '@