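Microsoft Baseline Security Analyzer (MBSA)

Introduction

Microsoft Baseline Security Analyzer (MBSA) is an easy-to-use tool that helps small and medium-sized businesses determine whether their security state complies with Microsoft's security recommendations, and provides specific remediation guidance based on the results. Use MBSA to detect common security misconfigurations and missing security updates on your computer systems, and so strengthen your security management process.


Overview

To make it easy to assess the security state of computers running Windows, Microsoft provides the free Microsoft Baseline Security Analyzer (MBSA) scanning tool. MBSA includes a graphical interface and a command-line interface, and can scan Microsoft Windows systems locally or remotely.

When MBSA runs on Windows Server 2008 R2, Windows 7, Windows Server 2008, Windows Vista, Windows Server 2003, Windows XP and Windows 2000 systems, it uses Microsoft Update technology to scan for missing security updates, rollups and service packs.

MBSA also scans for common security misconfigurations (also called vulnerability assessment checks), using a known list of security settings and configurations for all versions of Windows, Internet Information Server (IIS) 5.0, 6.0 and 6.1, SQL Server 2000 and 2005, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003.

Supported operating systems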
. Windows Server 2008 R2
. Windows 7
. Windows Server 2008
. Windows Vista
. Windows Server 2003
. Windows XP
. Windows 2000
  
Checks performed
. Security updates
. Rollups and service packs
. System security settings and configuration
. Internet Information Server (IIS) 5.0, 6.0 and 6.1
. SQL Server 2000 and 2005
. Internet Explorer (IE) 5.01 and later
. Office 2000, 2002 and 2003

Installation

Scanning

Once MBSA is installed you can start scanning, and scanning is very straightforward.



Features
  • Scan a computer – scan a single host
  • Scan multiple computers – scan multiple hosts
  • View existing security scan reports – browse existing scan reports


Options
  • Check for Windows administrative vulnerabilities
  • Check for weak password – password strength check
  • Check for IIS administrative vulnerabilities
  • Check for SQL administrative vulnerabilities
  • Check for security updates
  • Configure computers for Microsoft Update and scanning prerequisites
  • Advanced Update Service Options
  • Scan using assigned Windows Server Update Services (WSUS) Servers only
  • Scan using Microsoft Update only
  • Scan using offline catalog only – scan against an offline catalog file


Downloading the update pattern


Scan results



Command-line interface: MBSA Command Line (CMD)

Microsoft Baseline Security Analyzer Version 2.1.1 (2.1.2112.0)
(C) Copyright 2002-2009 Microsoft Corporation. All rights reserved.
Usage
Before use, open a command prompt and switch to the installation directory (C:\Program Files\Microsoft Baseline Security Analyzer 2).

MBSACLI [/target | /r | /d domain | /listfile file] [/n option] [/o file] [/qp]
        [/qe] [/qr] [/qt] [/xmlout] [/wa | /wi | /offline | /addonly] [/noadd]
        [/cabpath path] [/catalog file] [/unicode] [/nvc] [/ia] [/mu] [/nd]
        [/rd directory] [/?]

MBSACLI [/l] [/ls] [/lr file] [/ld file] [/unicode] [/nvc] [/rd directory] [/?]

Parameter list

Parameter   Usage            Description
/target     domain\computer  Scan named computer.
/target     IP               Scan named IP address.
/r          IP-IP            Scan named IP addresses range.
/listfile   File             Scan named IP address or computer listed in the specified file.
/d          Domain           Scan named domain (use NetBIOS compatible domain name (Ex: MyDomain) instead of Fully Qualified Domain Name (Ex: Mydomain.com)).
/n          Option           Select which scans to NOT perform. All checks are performed by default. Valid values: "OS", "SQL", "IIS", "Updates", "Password". Can be concatenated with "+" (no spaces).
/wa         -                Show only updates approved on the WSUS server.
/wi         -                Show all updates even if not approved on the WSUS server.
/nvc        -                Do not check for a new version of MBSA.
/o          filename         Output XML file name template. Default: %D% - %C% (%T%).
/qp         -                Don't display scan progress.
/qt         -                Don't display the report by default following a single-computer scan.
/qe         -                Don't display error list.
/qr         -                Don't display report list.
/q          -                Do not display any of the preceding items.
/unicode    -                Output Unicode.
/u          username         Scan using the specified username.
/p          password         Scan using the specified password.
/catalog    filename         Specifies the data source that contains the available security update information.
/ia         -                Updates the prerequisite Windows Update Agent components during a scan.
/mu         -                Configures computers to use the Microsoft Update site for scanning.
/nd         -                Do not download any files from the Microsoft Web site when scanning.
/xmlout     -                Run in updates only mode using only mbsacli.exe and wusscan.dll. Only these switches can be used with this option: /catalog, /wa, /wi, /nvc, /unicode
/l          -                List all reports available.
/ls         -                List reports from the latest scan.
/lr         filename         Display overview report.
/ld         filename         Display detailed report.
/rd         directory        Save or Retrieve reports from the specified directory.
/?          -                Display this help/usage.

Running MBSACLI with no parameters scans the local computer, performs all checks, and displays the report in text mode.

Usage examples:
    MBSACLI
    MBSACLI /n Password+IIS+OS+SQL
    MBSACLI /d MyDomain
    MBSACLI /target 200.0.0.1
    MBSACLI /r 200.0.0.1-200.0.0.50
    MBSACLI /listfile export.txt
    MBSACLI /ld "Domain - Computer (03-01-2002 12-00 AM)"
    MBSACLI >c:\results.txt
    MBSACLI /catalog c:\wsusscn2.cab /ia /nvc
    MBSACLI /wa
    MBSACLI /xmlout /catalog c:\temp\wsusscn2.cab /unicode >results.xml
    MBSACLI /l /rd \\RemoteMachine\reports
    MBSACLI /cabpath \\RemoteMachine\cabs


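The scan example used here (replace x.x.x.x with the IP you want to scan):
MBSACLI /target x.x.x.x /n Password+IIS+OS+SQL
Because /n lists the checks to skip, this command runs only the security updates check.

Scan results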



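Offline scanning

If your environment does not allow direct Internet access for updates, you can download the update file in advance and point the scan at it.

To scan using the UI, first download wsusscn2.cab from Microsoft.
wsusscn2.cab download URL:
http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab

Then place the downloaded file in C:\Users\<Username>\AppData\Local\Microsoft\MBSA\Cache

When scanning, select Scan using offline catalog only.

To scan using the CLI, you likewise need to download wsusscn2.cab from Microsoft first.

The syntax is as follows; change the catalog path so that it points to the full path of the downloaded file.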
MBSACLI /xmlout /catalog c:\temp\wsusscn2.cab /unicode > results.xml
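
The offline CLI procedure above, as an added PowerShell example that is not part of the original post: it downloads the catalog from the URL given on this page, verifies the file's Authenticode signature (the download is plain HTTP), and only then runs the page's /xmlout scan. It assumes PowerShell 4.0 or later; the report path, the added /nvc switch and the signer-name check are assumptions of this example.

```powershell
$ErrorActionPreference = 'Stop'

# URL and catalog path are taken from this page; $report is an assumed location.
$catalogUrl = 'http://download.windowsupdate.com/microsoftupdate/v6/wsusscan/wsusscn2.cab'
$catalog    = 'C:\temp\wsusscn2.cab'
$report     = 'C:\temp\results.xml'
$mbsaDir    = 'C:\Program Files\Microsoft Baseline Security Analyzer 2'

# 1. Download on an Internet-connected machine (copy the file over if the
#    scanning host is isolated, then start from step 2 there).
Invoke-WebRequest -Uri $catalogUrl -OutFile $catalog

# 2. HTTP gives no integrity guarantee in transit, so check the Authenticode
#    signature embedded in the CAB before trusting its contents.
$sig = Get-AuthenticodeSignature -FilePath $catalog
if ($sig.Status -ne 'Valid') {
    throw "Catalog signature status is '$($sig.Status)'; not scanning with this file."
}
# Assumption of this example: the signer subject names Microsoft Corporation.
if ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
    throw "Unexpected catalog signer: $($sig.SignerCertificate.Subject)"
}

# 3. Record which catalog build produced the report, for later audit.
$hash = (Get-FileHash -Path $catalog -Algorithm SHA256).Hash
Write-Host "Catalog verified. SHA256=$hash"

# 4. Run the updates-only scan from the install directory. Start-Process
#    redirects mbsacli's raw output to the file, so the /unicode encoding
#    is preserved. /nvc skips the online check for a newer MBSA version.
Start-Process -FilePath (Join-Path $mbsaDir 'mbsacli.exe') `
    -WorkingDirectory $mbsaDir `
    -ArgumentList '/xmlout', '/catalog', "`"$catalog`"", '/unicode', '/nvc' `
    -RedirectStandardOutput $report -NoNewWindow -Wait

Write-Host "Report written to $report"
```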