SNMP Auditing

Here is an easy way to find all snmp devices on your network and check if they are running any of a list of common strings you want to test for.  And do it without risking a write access check.  I did the following with my Mac PowerBook just using the C compiler CC.

Continue reading “SNMP Auditing”

Scheduled MSBA Scans

The Microsoft Baseline Security Scanner comes with a Command Line Interface. So it is pretty easy make a bat file to schedule. You will need blat to email the notification if you want. I tried to make blat email a UNC or URL link to where the reports are saved but have not had luck. Put your list of targets to scan in the servers.txt file with one name per line.

rem ———- Set Variables
set MailTo1=””
set ServerList=g:\logs\servers.txt
set ArchivePath=g:\logs\LogArchive\MBSA
set ReportPath=%ArchivePath%
set MBSAPath=”C:\Program Files\Microsoft Baseline Security Analyzer 2\”
set uname=%username%

rem ———- Enter Logs folder and clear out temp files and old reports
del “%userprofile%\SecurityScans\*.mbsa”
del resultslist.txt

rem ———- Run MBSA Against Server List to Generate Reports
%MBSAPath%mbsacli /listfile %ServerList%

rem ———- archive scan
FOR /f “tokens=2-4 delims=/ ” %%G IN (‘DATE /T’) DO (
SET _mm=%%G
SET /A _dd=%%H
SET _yyyy=%%I

mkdir %ArchivePath%\%_yyyy%%_mm%%_dd%
copy “%userprofile%\SecurityScans\*.mbsa” %ArchivePath%\%_yyyy%%_mm%%_dd%\*.mbsa
dir /b %ArchivePath%\%_yyyy%%_mm%%_dd%\ > resultslist.txt

rem ———- use blat to email report
blat -to %MailTo1% -subject MBSA-Scan-Completed -sig resultslist.txt -body “To view results check files located at %ReportPath%\%_yyyy%%_mm%%_dd%\”