Merge pull request #225 from aaalzand/master

Initial upload for the mgn-toolkit
awslabs · Dec 1, 2023 · 0ffe4c8 · 0ffe4c8
2 parents 62cb1bf + a02fc13
commit 0ffe4c8
Show file tree

Hide file tree

Showing 33 changed files with 2,416 additions and 0 deletions.
diff --git a/MGN/Windows/MGN-Toolkit.psd1 b/MGN/Windows/MGN-Toolkit.psd1
@@ -0,0 +1,86 @@
+#
+# Module manifest for module 'MGN-Toolkit'
+#
+# Generated by: aaalzand@
+# Generated on: 6/12/2023
+#
+
+@{
+
+    # Script module or binary module file associated with this manifest.
+    RootModule = 'MGN-Toolkit.psm1'
+
+    # Version number of this module.
+    ModuleVersion = '0.1.0'
+
+    # ID used to uniquely identify this module
+    GUID = '0c0b1894-1c1f-40a4-997d-aa2712d5589d'
+
+    # Author of this module
+    Author = "Ali Alzand / Tim Hall / Imthian Ramgobin"
+
+    # Company or vendor of this module
+    CompanyName = 'Amazon'
+    Copyright = '(c) 2023 Amazon, Inc.'
+
+    # Minimum version of the Windows PowerShell engine required by this module
+    PowerShellVersion = '3.0'
+
+    # Description of the functionality provided by this module
+    Description = 'Provides a set of PowerShell functions for requirements/consideration/replication checks'
+
+    # Functions to export from this module
+    FunctionsToExport = @(
+        "Invoke-MGNToolkit",
+        "Get-AntivirusEnabled",
+        "Get-Bandwidth",
+        "Get-BitLockerStatus",
+        "Get-BootMode",
+        "Get-DiskActivity"
+        "Get-DomainControllerStatus",
+        "Get-DotNETFramework",
+        "Get-FreeRAM",
+        "Get-ProxySetting",
+        "Get-RootDiskSpace",
+        "Get-SCandNET",
+        "Get-TrustedRootCertificate",
+        "Get-WMIServiceStatus",
+        "Test-EndpointsNetworkAccess"
+    )
+
+    # Cmdlets to export from this module (leave empty if none)
+    CmdletsToExport = @()
+
+    # Variables to export from this module
+    VariablesToExport = '*'
+
+    # Aliases to export from this module (leave empty if none)
+    AliasesToExport = @()
+
+    # Private data to pass to the module specified in RootModule/ModuleToProcess
+    PrivateData = @{
+        PSData = @{
+            # Tags applied to this module. These help with module discovery in online galleries.
+            # Tags = @()
+
+            # A URL to the license for this module.
+            # LicenseUri = ''
+
+            # A URL to the main website for this project.
+            # ProjectUri = ''
+
+            # A URL to an icon representing this module.
+            # IconUri = ''
+
+            # ReleaseNotes of this module
+            # ReleaseNotes = ''
+        } # End of PSData hashtable
+    } # End of PrivateData hashtable
+
+    # HelpInfo URI of this module
+    # HelpInfoURI = ''
+
+    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+    # DefaultCommandPrefix = ''
+
+}
diff --git a/MGN/Windows/MGN-Toolkit.psm1 b/MGN/Windows/MGN-Toolkit.psm1
@@ -0,0 +1,16 @@
+# Get public and private function definition files.
+$Public = @( Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -ErrorAction SilentlyContinue )
+$Private = @( Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -ErrorAction SilentlyContinue )
+
+# Dot source the files
+Foreach ($import in @($Public + $Private )) {
+    Try {
+        . $import.FullName
+        # Write-host "Importing $($import.FullName)" -ForegroundColor [YELLOW]
+        Export-ModuleMember -Function $Public.Basename
+        #Export-ModuleMember -Variable "script:defaultfilepath", "script:loglocation"
+    }
+    Catch {
+        Write-Error -Message "Failed to import function $($import.fullname): $_"
+    }
+}
diff --git a/MGN/Windows/Private/Get-IEProxySetting.ps1 b/MGN/Windows/Private/Get-IEProxySetting.ps1
@@ -0,0 +1,65 @@
+<#
+  .Synopsis
+    Check the value of Internet Explorer proxy value configured under registry.
+  .Description
+    This is a public function used to check the value of Internet Explorer proxy value configured under registry path "KEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings".
+  .Example
+    Get-IEProxySetting
+  .INPUTS
+    Key = The path for the Internet Explorer proxy in the registry. Default value: "Registry::HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings".
+    Skip = Switch to skip this function if the agent is not installed.
+  .OUTPUTS
+    Set-PSObjectResponse -Check "$check" -Status "$value" -Note "$Action"
+#>
+Function Get-IEProxySetting {
+  [CmdletBinding()]
+  param (
+    [String]$ProxySettingsKey = "Registry::HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings",
+    [Switch]$Skip
+  )
+
+  $check = "LocalSystem account user Internet Explorer proxy"
+  Write-Log -Message "___________________________________________________________________"
+  Write-Log -Message "New check....."
+  Write-Log -Message "$check"
+
+  Write-Log -Message "Checking IE proxy settings from registry location $ProxySettingsKey."
+  Write-Log -Message "For more information check - https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows."
+  Write-Log -Message "IE proxy settings mainly used to enable PowerShell to have access to the internet (not Windows Update service)"
+  Write-Log -Message "If the server behind a proxy and PowerShell via run command has a command which needs access to the internet would fail if there are no Internet Explorer proxy settings"
+
+  if (-not ($Skip)) {
+    try {
+      If (((Get-Item -Path $ProxySettingsKey).GetValue("ProxyEnable") -eq 0) -Or (-not (Test-RegistryValue -Path $ProxySettingsKey -Value 'ProxyEnable'))) {
+        $value = "[GREEN]"
+        Write-Log -Message "The check ""$check"" output is $value"
+        $Action = "No action required. there is no ProxyServer configured."
+        Write-Log -Message $Action
+      }
+      else {
+        $value = "[YELLOW]"
+        Write-Log -Message "The check ""$check"" output is $value" -LogLevel "WARN"
+        $Action = "Current IE proxy settings for LocalSystem account is " + (Get-Item -Path $ProxySettingsKey).GetValue("ProxyServer") + " ProxyServer, and " + (Get-Item -Path $ProxySettingsKey).GetValue("ProxyOverride") + " as ProxyOverride list. PowerShell would use these settings"
+        Write-Log -Message $Action -LogLevel "WARN"
+      }
+    }
+    catch {
+      Write-Log -Message "Failed..." -LogLevel "ERROR"
+      $Action = "An error occurred when running Get-IEProxySetting."
+      Write-Log -Message $Action -LogLevel "ERROR"
+      Write-Log -Message "$($_)" -LogLevel "ERROR"
+      $value = "[RED]"
+      Write-Log -Message "The check ""$check"" output is $value" -LogLevel "ERROR"
+    }
+  }
+  else {
+    $value = "[GREEN]"
+    Write-Log -Message "The check ""$check"" output is $value"
+    $Action = "No action required. Skipped."
+    Write-Log -Message $Action
+  }
+  if ($value -ne "[GREEN]") {
+    $Output.Add((Set-PSObjectResponse -Check "$check" -Status "$value" -Action "$Action"))
+  }
+  return Set-PSObjectResponse -Check "$check" -Status "$value" -Action "$Action"
+}
diff --git a/MGN/Windows/Private/Get-LocalSystemAccountEnvironmentVariablesProxy.ps1 b/MGN/Windows/Private/Get-LocalSystemAccountEnvironmentVariablesProxy.ps1
@@ -0,0 +1,67 @@
+<#
+  .Synopsis
+    Check the value of Local System Account Environment Variables proxy value configured under registry.
+  .Description
+    This is a public function used to check the value of Local System Account Environment Variables proxy value configured under registry path "HKEY_USERS\.DEFAULT\Environments".
+  .Example
+    Get-LocalSystemAccountEnvironmentVariablesProxy
+  .INPUTS
+    Key = The path for the Local System Account Environment Variables proxy in the registry. Default value: "Registry::HKEY_USERS\.DEFAULT\Environment". Ref:https://docs.microsoft.com/en-us/windows/win32/procthread/environment-variables
+    Skip = Switch to skip this function if the agent is not installed.
+  .OUTPUTS
+    Set-PSObjectResponse -Check "$check" -Status "$value" -Note "$Action"
+#>
+Function Get-LocalSystemAccountEnvironmentVariablesProxy {
+  param (
+    [String]$ProxyKey = "Registry::HKEY_USERS\.DEFAULT\Environment", #https://docs.microsoft.com/en-us/windows/win32/procthread/environment-variables
+    [Switch]$Skip
+  )
+
+  $check = "LocalSystem account user environment variable proxy"
+  Write-Log -Message "___________________________________________________________________"
+  Write-Log -Message "New check....."
+  Write-Log -Message "$check"
+
+  Write-Log -Message "Checking LocalSystem account user environment variable proxy settings from registry location $ProxyKey."
+  Write-Log -Message "For more information check - https://docs.microsoft.com/en-us/windows/win32/procthread/environment-variables."
+  Write-Log -Message "LocalSystem account user environment variable proxy mainly used by MGN agent to connect to the endpoints"
+
+  if (-not ($Skip)) {
+    try {
+      $http_proxy_check = Set-ProxyOutput -Path $ProxyKey -Value 'http_proxy' -SettingName $check
+      $https_proxy_check = Set-ProxyOutput -Path $ProxyKey -Value 'https_proxy' -SettingName $check
+      $no_proxy_check = Set-ProxyOutput -Path $ProxyKey -Value 'no_proxy' -SettingName $check
+
+      If (($no_proxy_check[0] -eq $false) -and ($https_proxy_check[0] -eq $false) -and ($http_proxy_check[0] -eq $false)) {
+        $value = "[GREEN]"
+        Write-Log -Message "The check ""$check"" output is $value"
+        $Action = "No action required. There is no http_proxy, https_proxy or no_proxy configured."
+        Write-Log -Message $Action
+      }
+      else {
+        $value = "[YELLOW]"
+        Write-Log -Message "The check ""$check"" output is $value" -LogLevel "WARN"
+        $Action = $http_proxy_check[1] + ". " + $https_proxy_check[1] + ". " + $no_proxy_check[1] + "."
+        Write-Log -Message $Action -LogLevel "WARN"
+      }
+    }
+    catch {
+      Write-Log -Message "Failed..." -LogLevel "ERROR"
+      $Action = "An error occurred when running Get-LocalSystemAccountEnvironmentVariablesProxy."
+      Write-Log -Message $Action -LogLevel "ERROR"
+      Write-Log -Message "$($_)" -LogLevel "ERROR"
+      $value = "[RED]"
+      Write-Log -Message "The check ""$check"" output is $value" -LogLevel "ERROR"
+    }
+  }
+  else {
+    $value = "[GREEN]"
+    Write-Log -Message "The check ""$check"" output is $value"
+    $Action = "No action required. Skipped."
+    Write-Log -Message $Action
+  }
+  if ($value -ne "[GREEN]") {
+    $Output.Add((Set-PSObjectResponse -Check "$check" -Status "$value" -Action "$Action"))
+  }
+  return Set-PSObjectResponse -Check "$check" -Status "$value" -Action "$Action"
+}
diff --git a/MGN/Windows/Private/Get-SystemWideEnvironmentVariablesProxy.ps1 b/MGN/Windows/Private/Get-SystemWideEnvironmentVariablesProxy.ps1
@@ -0,0 +1,66 @@
+<#
+  .Synopsis
+    Check the value of System Environment Variables proxy value configured under registry.
+  .Description
+    This is a public function used to check the value of System Environment Variables proxy value configured under registry path "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment".
+  .Example
+    Get-SystemWideEnvironmentVariablesProxy
+  .INPUTS
+    Key = The path for the System Environment Variables proxy in the registry. Default value: "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment". Ref: https://docs.microsoft.com/en-us/windows/win32/procthread/environment-variables
+    Skip = Switch to skip this function if the agent is not installed.
+  .OUTPUTS
+    Set-PSObjectResponse -Check "$check" -Status "$value" -Note "$Action"
+#>
+Function Get-SystemWideEnvironmentVariablesProxy {
+  [CmdletBinding()]
+  param (
+    [String]$ProxyKey = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment", #https://docs.microsoft.com/en-us/windows/win32/procthread/environment-variables
+    [Switch]$Skip
+  )
+  $check = "System-wide environment variable proxy"
+  Write-Log -Message "___________________________________________________________________"
+  Write-Log -Message "New check....."
+  Write-Log -Message "$check"
+
+  Write-Log -Message "Checking System-wide environment variable proxy settings from registry location $ProxyKey."
+  Write-Log -Message "For more information check - https://docs.microsoft.com/en-us/windows/win32/procthread/environment-variables."
+  Write-Log -Message "System-wide environment variable proxy mainly used by MGN Agent to connect to the endpoints"
+  if (-not ($Skip)) {
+    try {
+      $http_proxy_check = Set-ProxyOutput -Path $ProxyKey -Value 'http_proxy' -SettingName $check
+      $https_proxy_check = Set-ProxyOutput -Path $ProxyKey -Value 'https_proxy' -SettingName $check
+      $no_proxy_check = Set-ProxyOutput -Path $ProxyKey -Value 'no_proxy' -SettingName $check
+
+      If (($no_proxy_check[0] -eq $false) -and ($https_proxy_check[0] -eq $false) -and ($http_proxy_check[0] -eq $false)) {
+        $value = "[GREEN]"
+        Write-Log -Message "The check ""$check"" output is $value"
+        $Action = "No action required. There is no http_proxy, https_proxy or no_proxy configured."
+        Write-Log -Message $Action
+      }
+      else {
+        $value = "[YELLOW]"
+        Write-Log -Message "The check ""$check"" output is $value" -LogLevel "WARN"
+        $Action = $http_proxy_check[1] + ". " + $https_proxy_check[1] + ". " + $no_proxy_check[1] + "."
+        Write-Log -Message $Action -LogLevel "WARN"
+      }
+    }
+    catch {
+      Write-Log -Message "Failed..." -LogLevel "ERROR"
+      $Action = "An error occurred when running Get-SystemWideEnvironmentVariablesProxy."
+      Write-Log -Message $Action -LogLevel "ERROR"
+      Write-Log -Message "$($_)" -LogLevel "ERROR"
+      $value = "[RED]"
+      Write-Log -Message "The check ""$check"" output is $value" -LogLevel "ERROR"
+    }
+  }
+  else {
+    $value = "[GREEN]"
+    Write-Log -Message "The check ""$check"" output is $value"
+    $Action = "No action required. Skipped."
+    Write-Log -Message $Action
+  }
+  if ($value -ne "[GREEN]") {
+    $Output.Add((Set-PSObjectResponse -Check "$check" -Status "$value" -Action "$Action"))
+  }
+  return Set-PSObjectResponse -Check "$check" -Status "$value" -Action "$Action"
+}
diff --git a/MGN/Windows/Private/Get-SystemWideProxy.ps1 b/MGN/Windows/Private/Get-SystemWideProxy.ps1
@@ -0,0 +1,86 @@
+<#
+  .Synopsis
+    Check the value of System wide proxy settings.
+  .Description
+    This is a public function used to check the value of System wide proxy settings using netsh winhttp show proxy.
+  .Example
+    Get-SystemWideProxy
+  .INPUTS
+    Skip = Switch to skip this function if the agent is not installed.
+  .OUTPUTS
+    Set-PSObjectResponse -Check "$check" -Status "$value" -Note "$Action"
+#>
+Function Get-SystemWideProxy {
+  [CmdletBinding()]
+  param (
+    [Switch]$Skip
+  )
+
+  $check = "WinHTTP system-wide proxy"
+  Write-Log -Message "___________________________________________________________________"
+  Write-Log -Message "New check....."
+  Write-Log -Message "$check"
+
+  Write-Log -Message "This proxy settings mainly used to by Windows Update service"
+
+  if (-not ($Skip)) {
+    try {
+      # based on https://gist.github.com/itn3000/b414da5337b7d229d812ec3ddcffb446
+      $MethodDefinition = @'
+using System.Runtime.InteropServices;
+public enum AccessType
+{
+    DefaultProxy = 0,
+    NamedProxy = 3,
+    NoProxy = 1
+}
+[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+public struct WINHTTP_PROXY_INFO
+{
+    public AccessType AccessType;
+    public string Proxy;
+    public string Bypass;
+}
+public class WinHttp
+{
+    [DllImport("winhttp.dll", CharSet = CharSet.Unicode, SetLastError = true)]
+    public static extern bool WinHttpGetDefaultProxyConfiguration(ref WINHTTP_PROXY_INFO config);
+}
+'@
+      $Assembly = Add-Type -TypeDefinition $MethodDefinition -PassThru
+      $object = New-Object WINHTTP_PROXY_INFO
+      $object.AccessType = [AccessType]::DefaultProxy
+      $ret = [WinHttp]::WinHttpGetDefaultProxyConfiguration([ref]$object)
+      if ($object.AccessType -eq "NoProxy") {
+        $value = "[GREEN]"
+        Write-Log -Message "The check ""$check"" output is $value"
+        $Action = "No action required. There is no ProxyServer(s) configured for WinHTTP system-wide proxy."
+        Write-Log -Message $Action
+      }
+      else {
+        $value = "[YELLOW]"
+        Write-Log -Message "The check ""$check"" output is $value" -LogLevel "WARN"
+        $Action = "Current WinHTTP system-wide proxy settings for LocalSystem account is " + $object.Proxy + " as ProxyServer(s), and " + $object.Bypass + " as Bypass list. Windows Update service would use these settings"
+        Write-Log -Message $Action -LogLevel "WARN"
+      }
+    }
+    catch {
+      Write-Log -Message "Failed..." -LogLevel "ERROR"
+      $Action = "An error occurred when running Get-SystemWideProxy."
+      Write-Log -Message $Action -LogLevel "ERROR"
+      Write-Log -Message "$($_)" -LogLevel "ERROR"
+      $value = "[RED]"
+      Write-Log -Message "The check ""$check"" output is $value" -LogLevel "ERROR"
+    }
+  }
+  else {
+    $value = "[GREEN]"
+    Write-Log -Message "The check ""$check"" output is $value"
+    $Action = "No action required. Skipped."
+    Write-Log -Message $Action
+  }
+  if ($value -ne "[GREEN]") {
+    $Output.Add((Set-PSObjectResponse -Check "$check" -Status "$value" -Action "$Action"))
+  }
+  return Set-PSObjectResponse -Check "$check" -Status "$value" -Action "$Action"
+}