Proving that changes were made

Proving that changes were made to your scripts is very easy if you already use digital signatures. With the Get-AuthenticodeSignature cmdlet, you will see either a valid signature or a HashMismatch status, meaning the script was changed after it was signed:

# Signed scripts: pick a code-signing certificate from the current user's store
$codeSigningCert = Get-ChildItem Cert:\CurrentUser\my -CodeSigningCert
New-Item -ItemType File -Path .\ValidScript.ps1 -Value 'Get-Process -Id $Pid'
Set-AuthenticodeSignature -FilePath .\ValidScript.ps1 -Certificate $codeSigningCert -IncludeChain all

# Tamper with the signed script; the signature status now reports HashMismatch
(Get-Content -Path .\ValidScript.ps1) -replace 'Get-Process', 'Stop-Process' | Set-Content .\ValidScript.ps1
Get-AuthenticodeSignature -FilePath .\ValidScript.ps1

Another way of proving that changes were made is to create a file catalog. This is essentially a file containing the hashes of a set of files, for example your entire collection of scripts. Catalog Version 1 on Windows 7 / Server 2008 R2 uses SHA1, while Catalog Version 2 for Windows 8+ / Server 2012+ uses SHA256. The cmdlet is available in PowerShell Core on Windows and in Windows PowerShell:

# Create a bunch of test files and a new file catalog with SHA256 (catalog version 2)
$folder = New-Item -ItemType Directory -Path .\ManyScripts -Force
[void] ((1..100).ForEach({New-Item -Path $folder.FullName -Name "Script$_.ps1" -ItemType File -Value 'Hash me' -Force}))
# Passing a directory as -CatalogFilePath creates a file named catalog.cat in it
New-FileCatalog -Path $folder.FullName -CatalogFilePath . -CatalogVersion 2

# Modifying a script will fail validation
Set-Content -Path (Join-Path $folder.FullName Script1.ps1) -Value 'Changed'
Test-FileCatalog -Path $folder.FullName -CatalogFilePath .\catalog.cat
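Test-FileCatalog alone only answers Valid or ValidationFailed. The following function is an added example (not from the book) that combines both techniques above into a per-file report: it lists every signed script whose signature no longer matches, and uses the -Detailed output of Test-FileCatalog (its CatalogItems and PathItems hash dictionaries) to say which files were modified, added or removed relative to the catalog. It assumes the folder and catalog.cat created above.

```powershell
# Added example: per-file integrity report for a folder of scripts.
# Assumes the scripts live in .\ManyScripts and the catalog is .\catalog.cat.
function Get-ScriptIntegrityReport {
    param(
        [Parameter(Mandatory)] [string] $Folder,
        [Parameter(Mandatory)] [string] $CatalogFilePath
    )

    # 1. Authenticode: which scripts carry a signature that no longer matches?
    Get-ChildItem -Path $Folder -Filter *.ps1 -Recurse | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Check  = 'Authenticode'
            Path   = $_.FullName
            Status = $sig.Status          # Valid, HashMismatch, NotSigned, ...
            Signer = $sig.SignerCertificate.Subject
        }
    }

    # 2. Catalog: -Detailed exposes the recorded and the current hashes, so the
    #    report can name the changed files instead of just "ValidationFailed".
    $result   = Test-FileCatalog -Path $Folder -CatalogFilePath $CatalogFilePath -Detailed
    $expected = $result.CatalogItems   # relative path -> hash stored in the catalog
    $actual   = $result.PathItems      # relative path -> hash computed now on disk

    foreach ($name in (@($expected.Keys) + @($actual.Keys) | Sort-Object -Unique)) {
        $state = if (-not $actual.ContainsKey($name))         { 'Removed'   }
                 elseif (-not $expected.ContainsKey($name))   { 'Added'     }
                 elseif ($expected[$name] -ne $actual[$name]) { 'Modified'  }
                 else                                         { 'Unchanged' }
        if ($state -ne 'Unchanged') {
            [pscustomobject]@{
                Check  = "Catalog ($($result.HashAlgorithm))"
                Path   = $name
                Status = $state
                Signer = $null
            }
        }
    }
}

# Run against the test folder and catalog created above
Get-ScriptIntegrityReport -Folder .\ManyScripts -CatalogFilePath .\catalog.cat | Format-Table
```

After the Set-Content change above, the catalog section of the report lists Script1.ps1 as Modified; every file in the test folder shows NotSigned in the Authenticode section because none of them was signed.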