How to Run a Comprehensive Linux and Windows Security Baseline Check with Ready‑to‑Use Scripts
This guide provides ready‑to‑copy shell and PowerShell scripts that automatically collect system information, audit configurations, and verify compliance with Chinese graded protection (等保) baseline requirements on both Linux and Windows servers.
This article shares two ready‑to‑execute scripts—one for Linux (test.sh) and one for Windows PowerShell (test.ps1)—that help administrators perform a security baseline assessment required by the Chinese graded protection (等保) standards.
Linux Shell Script (test.sh)
The script begins by printing a header, then gathers basic system data such as IP address, OS name, hostname, and current date. It proceeds to check high‑risk open ports, zombie processes, routing tables, listening ports, CPU and memory usage, SSH key authentication, password policies, log file existence, firewall status, and various security‑related files and configurations. Each check outputs a descriptive line indicating whether the item is compliant ("合格项") or requires adjustment ("异常项"). The script also includes comments and separators for readability.
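As an added example (not the article's test.sh), the script below shows two checks of the kind described above, a password-policy check and a high-risk listening-port check, each printing a "合格项" or "异常项" line. The thresholds (PASS_MAX_DAYS at most 90, PASS_MIN_LEN at least 8), the port list and all function names are assumptions, since the article does not state them.

```shell
# Added example, not the article's test.sh. Thresholds and port list are assumed sample values.
RISKY_PORTS="21 23 135 139 445 3389"

# report STATUS MESSAGE: print one result line with the article's two markers.
report() {
    if [ "$1" = ok ]; then printf '合格项: %s\n' "$2"; else printf '异常项: %s\n' "$2"; fi
}

# get_conf FILE KEY: value of the last uncommented "KEY value" line in FILE.
get_conf() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1" 2>/dev/null
}

# check_num LABEL VALUE OP LIMIT: pass when VALUE is an integer and "VALUE OP LIMIT" holds.
check_num() {
    case "$2" in
        ''|*[!0-9]*) report bad "$1 is missing or not numeric"; return 1 ;;
    esac
    if [ "$2" "$3" "$4" ]; then report ok "$1=$2"
    else report bad "$1=$2 (expected $3 $4)"; return 1; fi
}

# check_login_defs FILE: password ageing and length policy; returns 1 if any item fails.
check_login_defs() {
    rc=0
    check_num PASS_MAX_DAYS "$(get_conf "$1" PASS_MAX_DAYS)" -le 90 || rc=1
    check_num PASS_MIN_LEN "$(get_conf "$1" PASS_MIN_LEN)" -ge 8 || rc=1
    return "$rc"
}

# risky_ports: read `ss -tln` output on stdin, print the listening ports found in RISKY_PORTS.
risky_ports() {
    awk -v list="$RISKY_PORTS" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) risky[a[i]] = 1 }
        $1 == "LISTEN" { p = $4; sub(/.*:/, "", p)
                         if ((p in risky) && !seen[p]++) out = out (out ? " " : "") p }
        END { print out }'
}

# check_ports: same input as risky_ports; returns 1 when a high-risk port is listening.
check_ports() {
    found=$(risky_ports)
    if [ -z "$found" ]; then report ok "no high-risk port listening"
    else report bad "high-risk ports listening: $found"; return 1; fi
}

# Live run on a host: sh baseline.sh run
if [ "${1:-}" = run ]; then check_login_defs /etc/login.defs; ss -tln | check_ports; fi
```

Because the port check reads `ss -tln` output from stdin, it can also be run against output saved from another host.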
Windows PowerShell Script (test.ps1)
The PowerShell script opens with comment-based help blocks (.SYNOPSIS, .DESCRIPTION, .EXAMPLE, .NOTES) and defines a set of reusable functions:
F_IsCurrentUserAdmin – verifies the script runs with administrator privileges.
F_Logging – provides colored console output for info, warning, and error messages.
F_Tools – a generic comparison helper that evaluates a key/value against expected security parameters and returns a result object.
The remaining functions (F_GetRegPropertyValue, F_SysInfo, F_SysAccount, F_SysAccountPolicy, F_SysEventAuditPolicy, F_SysUserPrivilegePolicy, F_SysSecurityOptionPolicy, F_SysRegistryPolicy, F_SysProcessServicePolicy) collect system information, read registry values, and compare them against predefined security baselines (e.g., password complexity, account lockout thresholds, audit policies, firewall settings, registry hardening).
The script also includes optional online retrieval of Microsoft Security Response Center (MSRC) patch data via a REST API, storing the results in local JSON files (WSUSList.json, WSUSListId.json) for later comparison with installed hotfixes.
Execution Flow
The Main function orchestrates the process: it checks for admin rights, exports the current security policy to config.cfg, loads the configuration, logs timestamps, gathers basic host info, NTP settings, IP configuration, auto‑run program counts, remote port checks, installed KB patches, running ports, services, account information, and finally runs all policy‑checking functions, appending their results to a log file named after the host IP.
Result Presentation
Both scripts output their findings to the console and to a log file, with clear markers indicating compliant items and those needing remediation. Sample screenshots (included in the original article) illustrate the formatted output.
Conclusion
These scripts provide a quick, reproducible method for organizations to self‑audit their Linux and Windows servers against the 等保 baseline, helping identify misconfigurations such as open high‑risk ports, weak password policies, missing audit settings, and unpatched vulnerabilities.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Liangxu Linux
Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
