[CmdletBinding(SupportsShouldProcess=$true)]
param (
# Name of one IIS site whose logFile/customFields get the TLS fields (parameter set "site").
# Resolved against Get-Website in Process before anything is written.
[Parameter(Mandatory=$true,Position=0,ParameterSetName = "site")]
[string]$WebSite,
# Target the server-wide siteDefaults instead of a single site (parameter set "server").
# SupportsShouldProcess above means -WhatIf/-Confirm flow down to the Add-* calls.
[Parameter(Mandatory=$true,Position=0,ParameterSetName = "server")]
[switch]$Server
)
Begin
{
[string]$path = 'MACHINE/WEBROOT/APPHOST'
Function GetLogFields([string]$site)
{
    # Prints the custom log fields currently configured for one site, or for the
    # server-wide siteDefaults when $site is empty. Read-only: nothing is changed.
    # $path (MACHINE/WEBROOT/APPHOST) comes from the enclosing Begin block.
    $xpath = if ($site -eq "") {
        "system.applicationHost/sites/siteDefaults/logFile/customFields"
    }
    else {
        "system.applicationHost/sites/site[@name='{0}']/logFile/customFields" -f $site
    }
    Write-Output ""
    Write-Output "Data for: '$xpath':"
    # -name "." returns the customFields element itself; its Collection holds the entries
    $customFields = Get-WebConfigurationProperty -pspath "$path" -filter "$xpath" -name "."
    $customFields.Collection | Format-Table -Property logFieldName, sourceName, sourceType
}
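Function AddNewField
{
    <#
    .SYNOPSIS
    Adds one ServerVariable-backed custom log field to a site, or to the server-wide
    siteDefaults when -site is empty, unless a field with that name already exists.
    .PARAMETER site
    IIS site name as returned by Get-Website; an empty string targets siteDefaults.
    .PARAMETER fieldName
    Column name that will appear in the log (e.g. crypt-protocol).
    .PARAMETER source
    Name of the IIS server variable whose value is logged (e.g. CRYPT_PROTOCOL).
    .NOTES
    Writes applicationHost.config through Add-WebConfigurationProperty, so it needs an
    elevated session. Honors -WhatIf/-Confirm via ShouldProcess. $path comes from Begin.
    #>
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [string]$site,
        [string]$fieldName,
        [string]$source
    )
    [string]$target = "WebSite '$site'"
    if ($site -eq "")
    {
        $target = "Server"
        [string]$filter = "system.applicationHost/sites/siteDefaults/logFile/customFields"
    }
    else {
        # The site name is spliced into the configuration path verbatim. Callers pass
        # names obtained from Get-Website (trusted config, not user input), but a name
        # containing a single quote would still break the [@name='...'] predicate —
        # TODO confirm whether IIS permits such names before accepting arbitrary strings.
        [string]$filter = "system.applicationHost/sites/site[@name='" + $site + "']/logFile/customFields"
    }
    $value = @{
        logFieldName = $fieldName
        sourceName   = $source
        sourceType   = "ServerVariable"
    }
    # @() so that no match (null) and one match (scalar) both expose a reliable .Count;
    # without it the comparison below depends on how the PowerShell version treats $null.Count.
    $existing = @((Get-WebConfigurationProperty -pspath "$path" -filter "$filter" -name ".").Collection |
        Where-Object { $_.logFieldName -eq $fieldName })
    if ($existing.Count -eq 0)
    {
        if ($PSCmdlet.ShouldProcess($target, "adding custom log field '$fieldName'")) {
            # NOTE(review): custom fields are only emitted in W3C log format and, per the
            # IIS enhanced-logging documentation, IIS appends "_x" to the log file name once
            # a site has custom fields — log shippers matching u_ex*.log may need updating.
            Add-WebConfigurationProperty -pspath "$path" -filter "$filter" -name "." -value $value
            Write-Output "Added '$filter - $fieldName'"
        }
    }
    else {
        Write-Output "'$filter - $fieldName' already exists"
    }
}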
Function AddNewFields([string]$siteName)
{
    # Registers the four TLS-related custom log fields (protocol, cipher, hash and key
    # exchange) for one site, or for siteDefaults when $siteName is empty.
    # Each entry is (log column name, IIS server variable); order only affects output order.
    $tlsFields = @(
        @("crypt-protocol",    "CRYPT_PROTOCOL"),
        @("crypt-cipher",      "CRYPT_CIPHER_ALG_ID"),
        @("crypt-hash",        "CRYPT_HASH_ALG_ID"),
        @("crypt-keyexchange", "CRYPT_KEYEXCHANGE_ALG_ID")
    )
    Write-Output ""
    foreach ($pair in $tlsFields) {
        AddNewField -site $siteName -fieldName $pair[0] -source $pair[1]
    }
}
}
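Process {
    # Dispatch on parameter set: -Server edits siteDefaults, -WebSite edits one site.
    # Both paths add the fields first and then print the resulting configuration.
    if ($Server)
    {
        Write-Output "Changing Server level configuration"
        AddNewFields -siteName ""
        GetLogFields -site ""
    }
    elseif ($WebSite -ne "")
    {
        # Resolve the name to exactly one site before touching configuration. Get-Website
        # -Name has been unreliable across IIS versions (reported to treat the value as a
        # wildcard, or on some builds to ignore it and return every site); a multi-site
        # result would turn $site.Name into an array and the derived filter would match
        # nothing, so compare names exactly and refuse anything but a single hit.
        $found = @(Get-Website | Where-Object { $_.Name -eq $WebSite })
        if ($found.Count -eq 1)
        {
            $site = $found[0]
            Write-Output "Found WebSite: '$($site.Name)'"
            AddNewFields -siteName "$($site.Name)"
            GetLogFields -site $($site.Name)
        }
        elseif ($found.Count -gt 1)
        {
            Write-Warning "Name '$WebSite' matched $($found.Count) sites; nothing changed"
        }
        else {
            Write-Warning "Site '$WebSite' not found"
        }
    }
}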
<#
.SYNOPSIS
Adds custom log fields to IIS Web Server
.DESCRIPTION
To see which TLS protocol, cipher, hash and key-exchange algorithm each client negotiated,
newer IIS builds can log four additional CRYPT_* server variables as custom fields in the HTTP logs
(see the linked blog post for the minimum IIS/Windows version; on older builds the columns stay empty).
This script adds those fields. It writes applicationHost.config, so run it from an elevated session,
and note that IIS emits custom fields only in W3C format and may append "_x" to the log file name.
.PARAMETER WebSite
The name of the web site to add the settings to
.PARAMETER Server
To add the settings to the server level
.EXAMPLE
Set-IISCryptoLogging.ps1 -WebSite "Default Web Site"
Add the settings for the default web site
.EXAMPLE
Set-IISCryptoLogging.ps1 -Server -WhatIf
Add the settings for the whole server, but just show what would be done
.LINK
https://www.microsoft.com/security/blog/2017/09/07/new-iis-functionality-to-help-identify-weak-tls-usage/
.LINK
https://github.com/hahndorf/hacops
.NOTES
Author: Peter Hahndorf
Created: November 14th, 2019
#>