!deploy

It's 0.1 version of this project. Finished two basic function for baseline check: 1. compare-rsop which compare gpresult xml. 2. compare-scriptoutput which compare script stored in csv also revised psake build files.
edxi · Jan 15, 2018 · b77b122 · b77b122
1 parent 544ff64
commit b77b122
Show file tree

Hide file tree

Showing 10 changed files with 553 additions and 36 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+Release
diff --git a/BaselineCheck.psd1 b/BaselineCheck.psd1
@@ -12,7 +12,7 @@
 RootModule = 'BaselineCheck.psm1'
 
 # Version number of this module.
-ModuleVersion = '0.0.2'
+ModuleVersion = '0.1.0'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()
@@ -69,16 +69,17 @@ PowerShellVersion = '3.0'
 # NestedModules = @()
 
 # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-FunctionsToExport = '*'
+# FunctionsToExport = '*'
+FunctionsToExport = @('Compare-Rsop','Compare-ScriptOutput','Find-RsopSetting','Find-XmlNodes')
 
 # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-CmdletsToExport = '*'
+# CmdletsToExport = '*'
 
 # Variables to export from this module
 # VariablesToExport = @()
 
 # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
-AliasesToExport = '*'
+# AliasesToExport = '*'
 
 # DSC resources to export from this module
 # DscResourcesToExport = @()
@@ -98,7 +99,7 @@ PrivateData = @{
         Tags = @()
 
         # A URL to the license for this module.
-        LicenseUri = 'https://github.com/edxi/BaselineCheck/license'
+        LicenseUri = 'https://github.com/edxi/BaselineCheck/blob/master/LICENSE'
 
         # A URL to the main website for this project.
         ProjectUri = 'https://github.com/edxi/BaselineCheck/'

diff --git a/BaselineCheck.psm1 b/BaselineCheck.psm1
@@ -1,20 +1,35 @@
+#Module vars
+$ModulePath = $PSScriptRoot
+
 #Get public and private function definition files.
-$Public = @( Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -ErrorAction SilentlyContinue )
-$Private = @( Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -ErrorAction SilentlyContinue )
+    $Public  = Get-ChildItem $PSScriptRoot\Public\*.ps1 -ErrorAction SilentlyContinue
+    $Private = Get-ChildItem $PSScriptRoot\Private\*.ps1 -ErrorAction SilentlyContinue
+    [string[]]$PrivateModules = Get-ChildItem $PSScriptRoot\Private -ErrorAction SilentlyContinue |
+        Where-Object {$_.PSIsContainer} |
+        Select -ExpandProperty FullName
 
-#Dot source the files
-Foreach ($import in @($Public + $Private)) {
-    Try {
-        . $import.fullname
-    }
-    Catch {
-        Write-Error -Message "Failed to import function $($import.fullname): $_"
+# Dot source the files
+    Foreach($import in @($Public + $Private))
+    {
+        Try
+        {
+            . $import.fullname
+        }
+        Catch
+        {
+            Write-Error "Failed to import function $($import.fullname): $_"
+        }
     }
-}
 
-# Here I might...
-# Read in or create an initial config file and variable
-# Export Public functions ($Public.BaseName) for WIP modules
-# Set variables visible to the module and its functions only
-
-Export-ModuleMember -Function $Public.Basename
+# Load up dependency modules
+    foreach($Module in $PrivateModules)
+    {
+        Try
+        {
+            Import-Module $Module -ErrorAction Stop
+        }
+        Catch
+        {
+            Write-Error "Failed to import module $Module`: $_"
+        }
+    }
diff --git a/Build.ps1 b/Build.ps1
@@ -83,6 +83,7 @@ Properties {
         (Split-Path $PSCommandPath -Leaf),
         'Release',
         'Tests',
+        'Build'
         '.git*',
         '.vscode',
         # These files are unique to this examples dir.

diff --git a/Build/deploy.psdeploy.ps1 b/Build/deploy.psdeploy.ps1
@@ -19,15 +19,15 @@
 
 # Publish to gallery with a few restrictions
 if(
-    $env:BHModulePath -and
+    $ENV:PublishDir -and
     $env:BHBuildSystem -ne 'Unknown' -and
     $env:BHBranchName -eq "master" -and
     $env:BHCommitMessage -match '!deploy'
 )
 {
     Deploy Module {
         By PSGalleryModule {
-            FromSource $ENV:BHModulePath
+            FromSource $ENV:PublishDir
             To PSGallery
             WithOptions @{
                 ApiKey = $ENV:NugetApiKey
@@ -46,13 +46,13 @@ else
 
 # Publish to AppVeyor if we're in AppVeyor
 if(
-    $env:BHModulePath -and
+    $ENV:PublishDir -and
     $env:BHBuildSystem -eq 'AppVeyor'
    )
 {
     Deploy DeveloperBuild {
         By AppVeyorModule {
-            FromSource $ENV:BHModulePath
+            FromSource $ENV:PublishDir
             To AppVeyor
             WithOptions @{
                 Version = $env:APPVEYOR_BUILD_VERSION

diff --git a/Build/psake.ps1 b/Build/psake.ps1
@@ -18,16 +18,40 @@ Properties {
     {
         $Verbose = @{Verbose = $True}
     }
+
+    # The directory used to publish the module from.  If you are using Git, the
+    # $PublishRootDir should be ignored if it is under the workspace directory.
+    $PublishRootDir = "$ProjectRoot\Release"
+    $PublishDir     = "$PublishRootDir\$ENV:BHProjectName"
+    $ENV:PublishDir = $PublishDir
+
+    # The following items will not be copied to the $PublishDir.
+    # Add items that should not be published with the module.
+    $Exclude = @(
+    (Split-Path $PSCommandPath -Leaf),
+    'Release',
+    'Tests',
+    'Build'
+    '.git*',
+    '.vscode',
+    # These files are unique to this examples dir.
+    'DebugTest.ps1',
+    'appveyor.yml'
+    'Build.ps1'
+    )
 }
 
 Task Default -Depends Test
 
-Task Init {
+Task Init -requiredVariables PublishDir {
     $lines
     Set-Location $ProjectRoot
     "Build System Details:"
     Get-Item ENV:BH*
     "`n"
+    if (!(Test-Path $PublishDir)) {
+        $null = New-Item $PublishDir -ItemType Directory
+    }
 }
 
 Task Test -Depends Init  {
@@ -56,20 +80,30 @@ Task Test -Depends Init  {
     "`n"
 }
 
-Task Build -Depends Test {
+Task Clean -requiredVariables PublishRootDir {
+    # Sanity check the dir we are about to "clean".  If $PublishRootDir were to
+    # inadvertently get set to $null, the Remove-Item commmand removes the
+    # contents of \*.  That's a bad day.  Ask me how I know?  :-(
+    if ((Test-Path $PublishRootDir) -and $PublishRootDir.Contains($PSScriptRoot)) {
+        Remove-Item $PublishRootDir\* -Recurse -Force
+    }
+}
+
+Task Build -Depends Clean, Test -requiredVariables PublishDir, Exclude {
     $lines
-    
+
     # Load the module, read the exported functions, update the psd1 FunctionsToExport
     Set-ModuleFunctions
 
     # Bump the module version if we didn't already
     Try
     {
-        $GalleryVersion = Get-NextPSGalleryVersion -Name $env:BHProjectName -ErrorAction Stop
+        $GalleryVersion = Get-NextNugetPackageVersion -Name $env:BHProjectName -ErrorAction Stop
         $GithubVersion = Get-MetaData -Path $env:BHPSModuleManifest -PropertyName ModuleVersion -ErrorAction Stop
         if($GalleryVersion -ge $GithubVersion) {
             Update-Metadata -Path $env:BHPSModuleManifest -PropertyName ModuleVersion -Value $GalleryVersion -ErrorAction stop
         }
+        Copy-Item -Path $env:BHModulePath\* -Destination $PublishDir -Recurse -Exclude $Exclude
     }
     Catch
     {

diff --git a/Public/Compare-Rsop.ps1 b/Public/Compare-Rsop.ps1
@@ -58,7 +58,8 @@ function Compare-Rsop {
         if (($allGpoSettings |Get-Member -MemberType 'NoteProperty' | Select-Object -ExpandProperty 'Name') -notcontains 'Check Result') {
             $allGpoSettings | Add-Member -Name "Check Result" -MemberType NoteProperty
         }
-        $allGpoSettings | Where-Object {$_.Extension -ne ''-and $_.Where -ne '' -and $_.Is -ne '' -and $_.Return -ne ''} | ForEach-Object {
+
+        $allGpoSettings | Where-Object {$_.Extension -ne ''-and $_.Where -ne '' -and $_.Is -ne '' -and $_.Return -ne '' -and $_.'Baseline Value' -ne ''} | ForEach-Object {
             $_.'Actual Value' = Find-RsopSetting -rsopxml $env:TEMP\results.xml `
                 -Extension $_.Extension `
                 -Where $_.Where `

diff --git a/Public/Compare-ScriptOutput.ps1 b/Public/Compare-ScriptOutput.ps1
@@ -39,20 +39,30 @@ function Compare-ScriptOutput {
 
     begin {
         while ($csvfile[0] -eq '') {$csvfile = Get-FileName}
+        $allBaselineSettings = @()
     }
 
     process {
         # Import baseline items from .csv file
-        $allBaselineSettings = @()
         foreach ($acsvfile in $csvfile) {
             $allBaselineSettings += Import-Csv -Path $acsvfile
         }
 
-        $allBaselineSettings | Where-Object {$_.ScriptBlock -ne ''} | ForEach-Object {
-            $_.ItemName
+        if (($allBaselineSettings |Get-Member -MemberType 'NoteProperty' | Select-Object -ExpandProperty 'Name') -notcontains 'Actual Value') {
+            $allBaselineSettings | Add-Member -Name "Actual Value" -MemberType NoteProperty
+        }
+        if (($allBaselineSettings |Get-Member -MemberType 'NoteProperty' | Select-Object -ExpandProperty 'Name') -notcontains 'Check Result') {
+            $allBaselineSettings | Add-Member -Name "Check Result" -MemberType NoteProperty
+        }
+
+        $allBaselineSettings | Where-Object {$_.Script -ne '' -and $_.'Baseline Value' -ne ''} | ForEach-Object {
+            $ScriptReturn = &([Scriptblock]::Create($_.Script))
+            $_.'Actual Value' = $ScriptReturn['Actual Value']
+            $_.'Check Result' = $ScriptReturn['Check Result']
         }
     }
 
     end {
+        $allBaselineSettings | Export-Csv -Path "$env:TEMP\$env:COMPUTERNAME-$(Get-Date -UFormat "%Y%m%d-%H%M%S").csv" -NoTypeInformation
     }
 }
diff --git a/README.md b/README.md
@@ -10,10 +10,10 @@ The purpose of this script which is provides windows baseline check functions.
 * Compare GP settings.
   * To reads a given GP setting in a specifying format file.
   * Compare the GP setting items to check compliance.
-* Invoke baseline check script. (in progress...)
+* Invoke baseline check script.
   * To reads a given windows baseline scripts in a specifying format files.
   * Invoke scripts to compare target result to check compliance.
-* Export compliance check to a report csv as a result. (in progress)
+* Export compliance check to a report csv as a result.
 
 ## Examples
 
@@ -57,7 +57,34 @@ Find-RsopSetting -rsopxml $rsopxml -Extension 'Auditing' -Where 'SubcategoryName
 
 ### Compare RSOP Items
 
-Writing Compare-Rsop.ps1 In progress...
+As most of baseline setting is part of group policy, this function could call gpresult and compare generated xml with a predefined .csv file.
+The predefined .csv file should includes at least four columns:
+
+* `Extension` - Identify the extesion namespace.
+* `Where` - Element name which looking for.
+* `Is` - Element content which looking for.
+* `Return` - Element content would be return.
+
+```powershell
+Compare-Rsop -csvfile c:\temp\baseline.csv
+```
+
+This will generate a report csv file in `$env:TEMP`, based on inputed c:\temp\baseline.csv file.
+
+### Compare Script Output
+
+Some baseline setting could only be checked by script.
+A predefined .csv file should includes a column `Script` to store the script block.
+The script block need return a hash object, includes:
+
+* `Actual Value` - The script gets the actual avalue from system according to checking item.
+* `Check Result` - As compared to baseline value, the result of compliance or not.
+
+```powershell
+Compare-ScriptOutput -csvfile c:\temp\baseline.csv
+```
+
+This will generate a report csv file in `$env:TEMP`, based on inputed c:\temp\baseline.csv file.
 
 ## Feedback