Merge branch 'dev' of https://git.epha.se/ephase/win10-privacy-script into dev
This commit is contained in:
commit
a6abc0f73a
1 changed files with 47 additions and 39 deletions
86
cleanW10.ps1
86
cleanW10.ps1
|
@ -1,7 +1,8 @@
|
||||||
param (
|
param (
|
||||||
[cmdletbinding()]
|
[cmdletbinding()]
|
||||||
[string]$dir="modules.d",
|
[string]$dir="modules.d",
|
||||||
[string]$module
|
[string]$module,
|
||||||
|
[switch]$debug = $false
|
||||||
)
|
)
|
||||||
#requires -RunAsAdministrator
|
#requires -RunAsAdministrator
|
||||||
|
|
||||||
|
@ -11,8 +12,7 @@ Set-StrictMode -Version 2
|
||||||
$HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
|
$HOST_FILE = "$env:windir\System32\drivers\etc\hosts"
|
||||||
$HOST_IP = "0.0.0.0"
|
$HOST_IP = "0.0.0.0"
|
||||||
$FW_RULE_NAME_PREFIX = "CleanW10"
|
$FW_RULE_NAME_PREFIX = "CleanW10"
|
||||||
|
$IP4_REGEX = "((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$"
|
||||||
$ErrorActionPreference = "Stop"
|
|
||||||
$ProgressPreference = "SilentlyContinue"
|
$ProgressPreference = "SilentlyContinue"
|
||||||
|
|
||||||
#Thanks to https://gist.github.com/markembling/173887
|
#Thanks to https://gist.github.com/markembling/173887
|
||||||
|
@ -26,62 +26,68 @@ function BlockHost {
|
||||||
[object]$params
|
[object]$params
|
||||||
)
|
)
|
||||||
if ( $params.ContainsKey('file') ) {
|
if ( $params.ContainsKey('file') ) {
|
||||||
Foreach ($line in Get-Content $params.file ){ BlockHost -params @{host=$line} }
|
Foreach ($line in Get-Content $params.file ){ BlockHost -params @{host=$line;firewall=$params.firewall} }
|
||||||
}
|
}
|
||||||
if ( $params.ContainsKey('host') -and $params.host -ne "" ) {
|
elseif ( $params.ContainsKey('host') -and $params.host -ne "" ) {
|
||||||
Write-Host -NoNewline "`t$($params.host) : "
|
Write-Host "`n`tBlock host $($params.host) : "
|
||||||
try {
|
try {
|
||||||
if ( ! $(IsHostAlreadyBlocked $HOST_FILE $params.host) ){
|
if ( $(IsHostAlreadyBlocked $HOST_FILE $params.host) ){
|
||||||
$HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE
|
#If host is inhosts.conf, verify that ip is blocked in FW
|
||||||
|
if ( $params.ContainsKey('firewall') -and $params.firewall -eq $true ) {
|
||||||
|
$tmp = Get-Content $HOST_FILE | Where { $_ -ne "$HOST_IP`t`t$($params.host)" }
|
||||||
|
Set-Content $HOST_FILE $tmp
|
||||||
|
BlockHostByIP $params.host
|
||||||
|
$HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE
|
||||||
|
}
|
||||||
|
Write-Host -ForegroundColor Yellow "`t`tHost Already blocked"
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Write-Host -ForegroundColor Yellow "already blocked "
|
if ( $params.ContainsKey('firewall') -and $params.firewall -eq $true ) {
|
||||||
return
|
BlockHostByIP $params.host
|
||||||
|
}
|
||||||
|
$HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE
|
||||||
|
Write-Host -ForegroundColor Green "`t`tHost blocked"
|
||||||
}
|
}
|
||||||
Write-Host -ForegroundColor Green "done"
|
|
||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Host -NoNewline -ForegroundColor Red "error`n`t"
|
Write-Host -NoNewline -ForegroundColor Red "`t`terror`n`t`t"
|
||||||
Write-Host -ForegroundColor DarkRed $Error[0].Exeption.Message
|
Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message
|
||||||
return
|
|
||||||
}
|
|
||||||
if ( $params.ContainsKey('firewall') -and $params.firewall ) {
|
|
||||||
BlockHostByIP $params.host
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)"
|
Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)"
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function BlockHostByIP {
|
function BlockHostByIP {
|
||||||
param(
|
param(
|
||||||
[string]$hostname
|
[string]$hostname
|
||||||
)
|
)
|
||||||
$ip = [system.net.Dns]::GetHostAddresses($hostname)
|
$resolv = Resolve-DnsName $hostname -ErrorAction SilentlyContinue | select Address,Type | Where { $_.type -match "^A{1,4}$" }
|
||||||
$rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $ip } -ErrorAction SilentlyContinue | Get-NetFirewallRule
|
$resolv | Foreach {
|
||||||
if ( $rule ) {
|
Write-Host -NoNewLine "`t`t"
|
||||||
write-host -ForegroundColor yellow "`t`tFW Rule exist : ($($rule.name))"
|
if ($_.Address -match $IP4_REGEX ) { Write-Debug "Found a valid IPv4 $($_.Address)" }
|
||||||
}
|
$ip = $_.Address
|
||||||
else {
|
$rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $ip } | Get-NetFirewallRule
|
||||||
write-host -NoNewline -Foregroundcolor Green "`t`tFW block host.`n`t`t"
|
if ( $rule ) {
|
||||||
FwBlockOutputIP @{
|
write-host -NoNewLine "FW Rule exist : "
|
||||||
ip=$ip,
|
write-host -ForegroundColor yellow $rule.name
|
||||||
name=$hostname
|
}
|
||||||
|
else {
|
||||||
|
FwBlockOutputIP @{
|
||||||
|
ip=$ip;
|
||||||
|
name=$hostname
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function IsHostAlreadyBlocked {
|
function IsHostAlreadyBlocked {
|
||||||
param([string]$filename, [string]$hostname)
|
param([string]$filename, [string]$hostname)
|
||||||
$c = Get-Content $filename
|
$c = Get-Content $filename | where { $_ -eq "$HOST_IP`t`t$hostname" }
|
||||||
|
Write-Debug "`tMatch hostname on host file : $c"
|
||||||
foreach ($line in $c) {
|
if ( $c ) {
|
||||||
$bits = [regex]::Split($line, "\t+")
|
return $true
|
||||||
if ($bits[1] -eq $hostname) {
|
|
||||||
return $true
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
return $false
|
return $false
|
||||||
}
|
}
|
||||||
|
@ -98,7 +104,7 @@ function FwBlockOutputIP {
|
||||||
$name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.ip
|
$name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.ip
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.name
|
$name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.name + "-" + $params.ip
|
||||||
}
|
}
|
||||||
Write-Host -NoNewline "`tAdd FW IP rule $name ($($params.ip)) : "
|
Write-Host -NoNewline "`tAdd FW IP rule $name ($($params.ip)) : "
|
||||||
if ( Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue) {
|
if ( Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue) {
|
||||||
|
@ -107,7 +113,7 @@ function FwBlockOutputIP {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Try {
|
Try {
|
||||||
New-NetFirewallRule -Name $name -DisplayName "$name (blacklist $($params.ip))" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null
|
New-NetFirewallRule -Name "$name" -DisplayName "$name" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null
|
||||||
}
|
}
|
||||||
Catch {
|
Catch {
|
||||||
Write-Host -ForegroundColor Red "error"
|
Write-Host -ForegroundColor Red "error"
|
||||||
|
@ -685,7 +691,7 @@ $script:users | foreach {
|
||||||
}
|
}
|
||||||
catch {
|
catch {
|
||||||
Write-Host -ForegroundColor Red "Error`n`t"
|
Write-Host -ForegroundColor Red "Error`n`t"
|
||||||
Write-host $Error[0].Exeption.Message
|
Write-host $Error[0].Exception.Message
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
@ -694,7 +700,9 @@ $script:users | foreach {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Write-Host "Folder to process : $module"
|
Write-Host "Folder to process : $module"
|
||||||
|
if ( $debug ) {
|
||||||
|
$DebugPreference = "Continue"
|
||||||
|
}
|
||||||
if ( $module -and $( Test-Path $module ) ) {
|
if ( $module -and $( Test-Path $module ) ) {
|
||||||
$module | ProcessModuleFile
|
$module | ProcessModuleFile
|
||||||
}
|
}
|
||||||
|
|