Yorick Barbanneau 2018-04-04 11:37:46 +02:00
commit a6abc0f73a


@ -1,7 +1,8 @@
param (
[cmdletbinding()]
[string]$dir="modules.d",
[string]$module
[string]$module,
[switch]$debug = $false
)
#requires -RunAsAdministrator
@ -11,8 +12,7 @@ Set-StrictMode -Version 2
$HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
$HOST_IP = "0.0.0.0"
$FW_RULE_NAME_PREFIX = "CleanW10"
$ErrorActionPreference = "Stop"
$IP4_REGEX = "((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
$ProgressPreference = "SilentlyContinue"
#Thanks to https://gist.github.com/markembling/173887
@ -26,62 +26,68 @@ function BlockHost {
[object]$params
)
if ( $params.ContainsKey('file') ) {
Foreach ($line in Get-Content $params.file ){ BlockHost -params @{host=$line} }
Foreach ($line in Get-Content $params.file ){ BlockHost -params @{host=$line;firewall=$params.firewall} }
}
if ( $params.ContainsKey('host') -and $params.host -ne "" ) {
Write-Host -NoNewline "`t$($params.host) : "
elseif ( $params.ContainsKey('host') -and $params.host -ne "" ) {
Write-Host "`n`tBlock host $($params.host) : "
try {
if ( ! $(IsHostAlreadyBlocked $HOST_FILE $params.host) ){
$HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE
if ( $(IsHostAlreadyBlocked $HOST_FILE $params.host) ){
#If host is inhosts.conf, verify that ip is blocked in FW
if ( $params.ContainsKey('firewall') -and $params.firewall -eq $true ) {
$tmp = Get-Content $HOST_FILE | Where { $_ -ne "$HOST_IP`t`t$($params.host)" }
Set-Content $HOST_FILE $tmp
BlockHostByIP $params.host
$HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE
}
Write-Host -ForegroundColor Yellow "`t`tHost Already blocked"
}
else {
Write-Host -ForegroundColor Yellow "already blocked "
return
if ( $params.ContainsKey('firewall') -and $params.firewall -eq $true ) {
BlockHostByIP $params.host
}
$HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE
Write-Host -ForegroundColor Green "`t`tHost blocked"
}
Write-Host -ForegroundColor Green "done"
}
catch {
Write-Host -NoNewline -ForegroundColor Red "error`n`t"
Write-Host -ForegroundColor DarkRed $Error[0].Exeption.Message
return
}
if ( $params.ContainsKey('firewall') -and $params.firewall ) {
BlockHostByIP $params.host
Write-Host -NoNewline -ForegroundColor Red "`t`terror`n`t`t"
Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
}
}
else {
Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)"
}
}
function BlockHostByIP {
param(
[string]$hostname
)
$ip = [system.net.Dns]::GetHostAddresses($hostname)
$rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $ip } -ErrorAction SilentlyContinue | Get-NetFirewallRule
if ( $rule ) {
write-host -ForegroundColor yellow "`t`tFW Rule exist : ($($rule.name))"
}
else {
write-host -NoNewline -Foregroundcolor Green "`t`tFW block host.`n`t`t"
FwBlockOutputIP @{
ip=$ip,
name=$hostname
$resolv = Resolve-DnsName $hostname -ErrorAction SilentlyContinue | select Address,Type | Where { $_.type -match "^A{1,4}$" }
$resolv | Foreach {
Write-Host -NoNewLine "`t`t"
if ($_.Address -match $IP4_REGEX ) { Write-Debug "Found a valid IPv4 $($_.Address)" }
$ip = $_.Address
$rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $ip } | Get-NetFirewallRule
if ( $rule ) {
write-host -NoNewLine "FW Rule exist : "
write-host -ForegroundColor yellow $rule.name
}
else {
FwBlockOutputIP @{
ip=$ip;
name=$hostname
}
}
}
}
function IsHostAlreadyBlocked {
param([string]$filename, [string]$hostname)
$c = Get-Content $filename
foreach ($line in $c) {
$bits = [regex]::Split($line, "\t+")
if ($bits[1] -eq $hostname) {
return $true
}
$c = Get-Content $filename | where { $_ -eq "$HOST_IP`t`t$hostname" }
Write-Debug "`tMatch hostname on host file : $c"
if ( $c ) {
return $true
}
return $false
}
@ -98,7 +104,7 @@ function FwBlockOutputIP {
$name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.ip
}
else {
$name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.name
$name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.name + "-" + $params.ip
}
Write-Host -NoNewline "`tAdd FW IP rule $name ($($params.ip)) : "
if ( Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue) {
@ -107,7 +113,7 @@ function FwBlockOutputIP {
}
else {
Try {
New-NetFirewallRule -Name $name -DisplayName "$name (blacklist $($params.ip))" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null
New-NetFirewallRule -Name "$name" -DisplayName "$name" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null
}
Catch {
Write-Host -ForegroundColor Red "error"
@ -685,7 +691,7 @@ $script:users | foreach {
}
catch {
Write-Host -ForegroundColor Red "Error`n`t"
Write-host $Error[0].Exeption.Message
Write-host $Error[0].Exception.Message
}
}
else {
@ -694,7 +700,9 @@ $script:users | foreach {
}
}
Write-Host "Folder to process : $module"
if ( $debug ) {
$DebugPreference = "Continue"
}
if ( $module -and $( Test-Path $module ) ) {
$module | ProcessModuleFile
}
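Review bot: In the already-blocked branch of BlockHost (the `IsHostAlreadyBlocked` true path with `firewall` set), the hosts entry is stripped with `Set-Content $HOST_FILE $tmp` before `BlockHostByIP $params.host` runs and is only re-appended on the line after it, so with `$ErrorActionPreference = "Stop"` any terminating error in between falls into the `catch` and leaves the host missing from the hosts file. Make the restore unconditional by wrapping the call as `try { BlockHostByIP $params.host } finally { ... }`, with the existing `Out-File -encoding ASCII -append $HOST_FILE` line moved into the `finally`. Alternatively, drop the rewrite and resolve with `Resolve-DnsName $hostname -NoHostsFile` in BlockHostByIP, so the hosts file is never modified just to perform a lookup. The temporary removal presumably exists so the name does not resolve to `0.0.0.0`; the comment above it should say so. BlockHost's opening lines are outside the hunk.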