Posted in Windows Powershell | 2 Comments | 5,405 views | 31/07/2011 23:17
Hello,
As you know, under Law 5651 you must sign your web, FTP and mail logs in accordance with the specification and keep these signed logs for 6 months. The specification includes a schematic description of how the logs are to be signed.
As you can see in the description above, we actually need to keep 3 different files. These are:
1. The log file
2. The timestamp
3. The combined hash of the log hash and the timestamp
With the PowerShell script below you can do the hashing in accordance with this specification. The script uses TÜBİTAK as its time server.
```powershell
# Folder that holds the logs to be signed
$Path = "D:\FTP\MailServerLogs"

# MD5 is kept from the original script. It is not collision-resistant; if your
# requirements allow it, switch to SHA256CryptoServiceProvider.
$HashAlgorithm = New-Object System.Security.Cryptography.MD5CryptoServiceProvider
$Encoding = New-Object System.Text.ASCIIEncoding

# Convert a byte array to a lowercase hex string
function ConvertTo-HexString([byte[]]$Bytes)
{
    $Hex = ""
    foreach ($Byte in $Bytes) { $Hex += $Byte.ToString("x2") }
    return $Hex
}

# Only real log files: skip directories and the .date/.sign files of earlier runs
$TargetFolder = Get-ChildItem "$Path" -Recurse |
    Where-Object { -not $_.PSIsContainer -and (".sign", ".date" -notcontains $_.Extension) }

foreach ($File in $TargetFolder)
{
    $FileName = $File.Name
    $FilePath = $File.DirectoryName
    $SigName  = $FileName + ".sign"
    $SigPath  = Join-Path $FilePath $SigName
    $DateName = $FileName + ".date"
    $DatePath = Join-Path $FilePath $DateName

    if (Test-Path -LiteralPath $SigPath)
    {
        # Already signed: hashing again would overwrite the stored value
        Write-Host "$FileName is already signed."
        continue
    }
    if ($File.Length -eq 0)
    {
        Write-Host "$FileName is empty, skipping."
        continue
    }

    if (Test-Path -LiteralPath $DatePath)
    {
        # Reuse the stored timestamp so the combined hash matches the .date file
        Write-Host "Date file already exists."
        $DateString = Get-Content -LiteralPath $DatePath | Select-Object -First 1
    }
    else
    {
        $DateString = Get-Date -UFormat "%d.%m.%Y"
        # The last line of the w32tm output starts with the sample time (hh:mm:ss)
        $Sample = (w32tm /stripchart /computer:time.ume.tubitak.gov.tr /samples:1)[-1]
        $TimeString = ($Sample.Trim() -split "\s+")[0].TrimEnd(",")
        if ($TimeString -notmatch "^\d{1,2}:\d{2}:\d{2}$")
        {
            # The time server did not answer; try this file again on the next run
            Write-Host "No time sample for $FileName, skipping."
            continue
        }
        $DateString = $DateString + " " + $TimeString
        $DateFile = New-Item -Path "$FilePath" -Name $DateName -type "file" -value $DateString
    }

    # Hash of the raw bytes of the log file
    $Stream = [System.IO.File]::OpenRead($File.FullName)
    try { $FileHash = ConvertTo-HexString ($HashAlgorithm.ComputeHash($Stream)) }
    finally { $Stream.Close() }

    # Combined hash: hash of (log hash + timestamp), stored in the .sign file
    $HashTag = $FileHash + $DateString
    $Hashstring = ConvertTo-HexString ($HashAlgorithm.ComputeHash($Encoding.GetBytes($HashTag)))
    $SigFile = New-Item -Path "$FilePath" -Name $SigName -type "file" -value $Hashstring
    Write-Host "$FileName is signed!"
}
```
You only need to change the path in the script and set it up as a cron job.
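A verification counterpart to the signing script, as an added example that is not part of the original post: it recomputes the combined hash from a log and its .date file and compares it with the stored .sign file. It assumes the log hash is the MD5 of the file's raw bytes as lowercase hex; the function names and the sample files are constructed for the demonstration.

```powershell
# Assumed scheme: .sign = MD5 hex of (MD5 hex of the raw log bytes + text of .date)
function Get-Md5Hex([byte[]]$Bytes)
{
    $Md5 = New-Object System.Security.Cryptography.MD5CryptoServiceProvider
    return -join ($Md5.ComputeHash($Bytes) | ForEach-Object { $_.ToString("x2") })
}

function Get-CombinedHash([string]$LogPath)
{
    # Hash of the raw log bytes, then hash of (log hash + timestamp text)
    $FileHash = Get-Md5Hex ([System.IO.File]::ReadAllBytes($LogPath))
    $DateString = [System.IO.File]::ReadAllText("$LogPath.date").Trim()
    return Get-Md5Hex ([System.Text.Encoding]::ASCII.GetBytes($FileHash + $DateString))
}

function Test-LogSignature([string]$LogPath)
{
    # Both sidecar files must exist before anything can be compared
    foreach ($Needed in "$LogPath.date", "$LogPath.sign")
    {
        if (-not (Test-Path -LiteralPath $Needed)) { return "MISSING: $Needed" }
    }
    $Stored = [System.IO.File]::ReadAllText("$LogPath.sign").Trim()
    if ($Stored -eq (Get-CombinedHash $LogPath)) { return "OK" }
    return "MISMATCH"
}

# Constructed sample data in a temporary folder (full paths, because the
# System.IO methods resolve relative paths against the process directory)
$Dir = Join-Path ([System.IO.Path]::GetTempPath()) ("logsig-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $Dir | Out-Null
$Log = Join-Path $Dir "ex110731.log"
[System.IO.File]::WriteAllText($Log, "2011-07-31 23:17:01 192.0.2.10 USER demo 331`r`n")
[System.IO.File]::WriteAllText("$Log.date", "31.07.2011 23:17:05")
[System.IO.File]::WriteAllText("$Log.sign", (Get-CombinedHash $Log))

Write-Host "untouched log   :" (Test-LogSignature $Log)

# A line appended to the log after signing changes the log hash
[System.IO.File]::AppendAllText($Log, "2011-07-31 23:18:00 192.0.2.10 QUIT 221`r`n")
Write-Host "log edited      :" (Test-LogSignature $Log)

# A missing timestamp file is reported instead of being silently accepted
Remove-Item -LiteralPath "$Log.date"
Write-Host "date file gone  :" (Test-LogSignature $Log)

Remove-Item -LiteralPath $Dir -Recurse
```

Because the hash is unkeyed, this check only shows that the three files still agree with each other. Keep a copy of the .sign files somewhere the log host cannot write to.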