HFNetChk




HotFix Net Check is a command-line tool that has recently become embedded in the Microsoft Baseline Security Analyzer (MBSA). The benefit of HFNetChk is that it can query local and remote systems about their current security patches and compare them with the latest list from Microsoft. It will run under any credentials you specify. So, as a domain administrator, it should be easy to gather information for a majority of the Windows hosts (2000, XP, and 2003) on your network.

Implementation

For those of you most comfortable in the colorful world of GUIs, you can run MBSA and have it query the hotfixes as well as perform other security-related checks. Figure 6-2 shows the simple interface for the GUI.

Figure 6-2: MBSA graphical interface

If you wish to run only the HFNetChk utility from the command line, locate the mbsacli.exe binary in your MBSA install; this is usually in the C:\Program Files\Microsoft Baseline Security Analyzer\ directory on your system. Pass the /hf option to use the HFNetChk functionality. Here is an abbreviated output of the possible options that can be included after the /hf switch:

C:\tools>mbsacli.exe /hf /?
Microsoft Baseline Security Analyzer
Powered by HFNetChk Technology - Version 3.82.0.1
Copyright (C) Shavlik Technologies, 2001-2003
Developed for Microsoft by Shavlik Technologies, LLC
info@shavlik.com (www.shavlik.com)

    Version 1.1.1

mbsacli      [-trace] [-h hostname] [-i ipaddress] [-d domainname]
             [-n][-r range] [-history level] [-t threads] [-b] [-sus]
             [-o output] [-x datasource] [-z] [-v] [-s suppression]
             [-nosum] [-sum] [-u username] [-p password] [-f outfile]
             [-fh Hostfile] [-fip ipfile] [-about] [-fq Ignorefile]

The parameter list is described in the following table:

Mbsacli.exe Option          Description
------------------          -----------
-h hostname                 Specifies the NetBIOS machine name to scan. Default is the localhost.
-fh hostfile                Specifies the name of a file containing NetBIOS machine names to scan. One name per line, 256 maximum per file.
-i ipaddress                Specifies the IP address of a machine to scan.
-fip ipfile                 Specifies the name of a file containing addresses to scan. One IP address per line, 256 maximum per file.
-fq ignorefile              Specifies the name of a file containing Q numbers to ignore. One Q number per line.
-r range                    Specifies the IP address range to be scanned, starting with ipaddress1 and ending with ipaddress2 inclusive.
-d domain name              Specifies the domain name to scan. All machines in the domain will be scanned.
-n network                  All systems on the local network will be scanned (i.e., all hosts in Network Neighborhood).
-o <tab|wrap>               Specifies the desired output format. tab outputs in tab-delimited format. wrap outputs in a word-wrapped format (default).
-x datasource               Specifies the XML datasource containing the hotfix information. Location may be an XML filename, compressed XML cab file, or URL. Default is mssecure.cab from the Microsoft web site.
-z reg checks               Do not perform registry checks.
-nosum checksum             Do not evaluate file checksum. The checksum test calculates the checksum of files. This can use up large amounts of bandwidth. Using this option will speed up a scan and use less bandwidth. File version checks will still be done.
-b baseline                 Displays the status of hotfixes required to meet minimum baseline security standards.
-f outfile                  Specifies name of the file to save the results. Default is to display to screen.
-u username                 Specifies optional username for login to remote computer.
-p password                 Specifies password to be used with username.
-sus <filename | server>    Specify a SUS text file or a SUS URL from which to get the SUS file.
-sum                        Perform file checksum tests. Force checksum tests to be run on non-English language systems. Use only if you have a custom XML file with language-specific checksums.

When you first run mbsacli.exe -hf, the utility attempts to download the mssecure.cab XML file. This XML file is required for HFNetChk to execute; however, you do not need to download it every time the tool runs. Use the -x option to point to a downloaded copy of the file, or place the XML file on an internal web site and pass its URL to the -x option.

Probably the most important options to HFNetChk from an administrator’s point of view are -x (so that Internet access is not a prerequisite), -u and -p (to carry domain credentials), and -o (to output the data to a tab-delimited file). The tab-delimited file can be imported into an Excel spreadsheet.
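The following is an added example, not code from the book or from MBSA: it splits a host inventory into -fh files that respect the 256-name limit from the option table and builds one mbsacli command line per file with a local -x datasource and tab-delimited output. The file names, the C:\tools\mssecure.xml path and the sample host names are constructed for illustration, and the script only prints the commands rather than running them.

```python
"""Plan an offline HFNetChk sweep using only options from the table above."""
import subprocess
import tempfile
from pathlib import Path

MAX_PER_FILE = 256  # per-file limit the option table gives for -fh / -fip


def clean_hosts(names):
    """Drop blanks and '#' comments; de-duplicate case-insensitively, keep order."""
    seen, hosts = set(), []
    for raw in names:
        name = raw.strip()
        if not name or name.startswith("#"):
            continue
        if name.upper() not in seen:  # NetBIOS names are not case-sensitive
            seen.add(name.upper())
            hosts.append(name)
    return hosts


def plan_scan(names, workdir, datasource, mbsacli="mbsacli.exe"):
    """Write host files of at most 256 names; return one argv list per file."""
    workdir = Path(workdir)
    workdir.mkdir(parents=True, exist_ok=True)
    hosts = clean_hosts(names)
    commands = []
    for n, start in enumerate(range(0, len(hosts), MAX_PER_FILE), 1):
        hostfile = workdir / f"hosts_{n:03d}.txt"      # hypothetical file names
        outfile = workdir / f"hfnetchk_{n:03d}.txt"
        hostfile.write_text("\n".join(hosts[start:start + MAX_PER_FILE]) + "\n")
        commands.append([
            mbsacli, "/hf",
            "-fh", str(hostfile),     # NetBIOS names, one per line
            "-x", str(datasource),    # local copy: no Internet access needed
            "-o", "tab",              # tab-delimited, imports into a spreadsheet
            "-f", str(outfile),
            # -u/-p deliberately omitted so no password appears in a command line
        ])
    return commands


if __name__ == "__main__":
    inventory = [f"WKSTN{i:04d}" for i in range(600)]  # constructed sample names
    with tempfile.TemporaryDirectory() as tmp:
        for argv in plan_scan(inventory, tmp, r"C:\tools\mssecure.xml"):
            print(subprocess.list2cmdline(argv))
```

If -u and -p are needed for hosts outside the operator's domain, keep in mind that anything passed on the command line is visible in process listings and in any saved script.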

If you decide to delve into MBSA and HFNetChk, you will soon realize that both Microsoft-related applications and HFNetChkLite (and professional) from Shavlik Technologies are available. HFNetChk began as a Microsoft download (and still is), but Shavlik Technologies expanded on its features and grew the tool into a “professional” version that is more robust than the free MS download.






Anti-Hacker Tool Kit
Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2004
Pages: 189
