v2.2.0 - Complete Security Hardening Framework (632 Settings)

NexusOne23 2025-12-08 10:32:49 +01:00
commit ba364813ed
195 changed files with 43788 additions and 0 deletions


@ -0,0 +1,54 @@
@{
# Script module or binary module file associated with this manifest
RootModule = 'ModuleTemplate.psm1'
# Version number of this module
ModuleVersion = '1.0.0'
# ID used to uniquely identify this module
GUID = '00000000-0000-0000-0000-000000000000'
# Author of this module
Author = 'NexusOne23'
# Company or vendor of this module
CompanyName = 'Open Source Project'
# Copyright statement for this module
Copyright = '(c) 2025 NexusOne23. Licensed under GPL-3.0.'
# Description of the functionality provided by this module
Description = 'Template module for NoID Privacy hardening modules. Implements BACKUP/APPLY/VERIFY/RESTORE pattern.'
# Minimum version of the PowerShell engine required by this module
PowerShellVersion = '5.1'
# Functions to export from this module
FunctionsToExport = @('Invoke-ModuleTemplate')
# Cmdlets to export from this module
CmdletsToExport = @()
# Variables to export from this module
VariablesToExport = @()
# Aliases to export from this module
AliasesToExport = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess
PrivateData = @{
PSData = @{
# Tags applied to this module
Tags = @('Windows11', 'Security', 'Hardening', 'Privacy')
# License URL for this module
LicenseUri = ''
# Project site URL for this module
ProjectUri = ''
# Release notes for this module
ReleaseNotes = 'Initial template version'
}
}
}
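Review bot: The manifest ships `GUID = '00000000-0000-0000-0000-000000000000'`, so every hardening module copied from this template carries the same all-zero identifier unless the author remembers to change it. A comment above the line would make that explicit, for example `# PLACEHOLDER: replace with the output of New-Guid for every module created from this template`. `LicenseUri` and `ProjectUri` are also empty strings; leaving the two keys out until real URLs exist is cleaner than publishing empty values.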


@ -0,0 +1,54 @@
<#
.SYNOPSIS
Module Template for NoID Privacy Framework
.DESCRIPTION
This is a template for creating new hardening modules.
Each module should implement the BACKUP/APPLY/VERIFY/RESTORE pattern
and follow PowerShell 5.1 best practices.
.NOTES
Author: NexusOne23
Version: 1.0.0
Requires: PowerShell 5.1+
.EXAMPLE
Import-Module .\ModuleTemplate.psm1
Invoke-ModuleTemplate -DryRun
#>
# Module-level variables
$script:ModuleName = "ModuleTemplate"
$script:ModuleVersion = "1.0.0"
# Load Public functions
$publicFunctions = Get-ChildItem -Path "$PSScriptRoot\Public" -Filter *.ps1 -Recurse -ErrorAction SilentlyContinue
foreach ($function in $publicFunctions) {
try {
. $function.FullName
Write-Verbose "Loaded public function: $($function.BaseName)"
}
catch {
Write-Error "Failed to load function $($function.FullName): $_"
}
}
# Load Private functions
$privateFunctions = Get-ChildItem -Path "$PSScriptRoot\Private" -Filter *.ps1 -Recurse -ErrorAction SilentlyContinue
foreach ($function in $privateFunctions) {
try {
. $function.FullName
Write-Verbose "Loaded private function: $($function.BaseName)"
}
catch {
Write-Error "Failed to load function $($function.FullName): $_"
}
}
# Export only public functions
if ($publicFunctions) {
$functionNames = $publicFunctions | ForEach-Object { $_.BaseName }
Export-ModuleMember -Function $functionNames
}
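Review bot: The two `catch` blocks report a failed dot-source with `Write-Error`, which is non-terminating, so the import continues and the module can come up with some of its helpers missing. For a module that changes system policy, a partial load should abort the import instead: `throw "Failed to load function $($function.FullName): $_"` in both loops. The loader also dot-sources every `*.ps1` found under `Public` and `Private` with `-Recurse`, and the framework presumably runs elevated, so it is worth documenting that the module directory must be writable by administrators only, or loading from an explicit file list. `Export-ModuleMember` relies on each file's `BaseName` matching the function it defines; a short comment stating that convention would help.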


@ -0,0 +1,49 @@
function Test-TemplateRequirements {
<#
.SYNOPSIS
Example private helper function
.DESCRIPTION
Private functions are internal helpers not exposed to users.
They perform validation, data transformation, or other support tasks.
.PARAMETER CheckType
Type of requirement check to perform
.OUTPUTS
Boolean indicating if requirements are met
#>
[CmdletBinding()]
[OutputType([bool])]
param(
[Parameter(Mandatory = $true)]
[ValidateSet("OS", "Permissions", "Services")]
[string]$CheckType
)
try {
switch ($CheckType) {
"OS" {
$osInfo = Get-WindowsVersion
return $osInfo.IsSupported
}
"Permissions" {
return Test-IsAdministrator
}
"Services" {
# Example: Check if required services are available
return $true
}
default {
return $false
}
}
}
catch {
Write-Log -Level ERROR -Message "Requirements check failed" -Module "ModuleTemplate" -Exception $_
return $false
}
}
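Review bot: The `"Services"` branch returns `$true` without checking anything, so a module copied from this template reports its service requirements as met until someone fills the branch in. Failing closed is safer for a placeholder: `return $false  # TODO: implement service check`, or a `throw` that the existing `catch` turns into a logged `$false`. The `default` branch cannot be reached because `[ValidateSet("OS", "Permissions", "Services")]` rejects any other value before the `switch` runs; it can stay as a defensive default but deserves a comment saying so. `Get-WindowsVersion`, `Test-IsAdministrator` and `Write-Log` are defined outside this file, so the helper only works once those are loaded.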


@ -0,0 +1,200 @@
function Invoke-ModuleTemplate {
<#
.SYNOPSIS
Template function implementing BACKUP/APPLY/VERIFY/RESTORE pattern
.DESCRIPTION
This is a template function showing how to properly implement
the four-phase hardening pattern required for all modules.
.PARAMETER DryRun
Preview changes without applying them
.PARAMETER SkipBackup
Skip backup phase (not recommended)
.PARAMETER SkipVerify
Skip verification phase (not recommended)
.EXAMPLE
Invoke-ModuleTemplate -DryRun
Preview what changes would be made
.EXAMPLE
Invoke-ModuleTemplate
Apply all hardening changes with backup
.OUTPUTS
PSCustomObject with execution results
#>
[CmdletBinding()]
[OutputType([PSCustomObject])]
param(
[Parameter(Mandatory = $false)]
[switch]$DryRun,
[Parameter(Mandatory = $false)]
[switch]$SkipBackup,
[Parameter(Mandatory = $false)]
[switch]$SkipVerify
)
begin {
Write-Log -Level INFO -Message "Starting ModuleTemplate execution" -Module "ModuleTemplate"
$result = [PSCustomObject]@{
ModuleName = "ModuleTemplate"
Success = $true
ChangesApplied = 0
Errors = @()
Warnings = @()
BackupCreated = $false
VerificationPassed = $false
}
}
process {
try {
# ========================================
# PHASE 1: BACKUP
# ========================================
if (-not $SkipBackup -and -not $DryRun) {
Write-Log -Level INFO -Message "PHASE 1: Creating backups" -Module "ModuleTemplate"
try {
# Example: Backup a registry key
$backupFile = Backup-RegistryKey `
-KeyPath "HKLM:\SOFTWARE\Policies\Microsoft\Windows" `
-BackupName "ModuleTemplate_Example"
if ($null -ne $backupFile) {
$result.BackupCreated = $true
Write-Log -Level SUCCESS -Message "Backup created successfully" -Module "ModuleTemplate"
}
else {
$result.Warnings += "Backup creation failed"
Write-Log -Level WARNING -Message "Backup creation failed" -Module "ModuleTemplate"
}
}
catch {
$result.Warnings += "Backup error: $($_.Exception.Message)"
Write-Log -Level WARNING -Message "Backup error" -Module "ModuleTemplate" -Exception $_
}
}
elseif ($DryRun) {
Write-Log -Level INFO -Message "[DRY RUN] Would create backup" -Module "ModuleTemplate"
}
# ========================================
# PHASE 2: APPLY
# ========================================
Write-Log -Level INFO -Message "PHASE 2: Applying changes" -Module "ModuleTemplate"
if ($DryRun) {
Write-Log -Level INFO -Message "[DRY RUN] Would apply the following changes:" -Module "ModuleTemplate"
Write-Log -Level INFO -Message "[DRY RUN] - Example registry key modification" -Module "ModuleTemplate"
Write-Log -Level INFO -Message "[DRY RUN] - Example service configuration" -Module "ModuleTemplate"
}
else {
# Example: Apply a registry setting
$registrySuccess = Set-RegistryValue `
-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Example" `
-Name "ExampleSetting" `
-Value 1 `
-Type "DWord" `
-BackupName "ModuleTemplate_Registry"
if ($registrySuccess) {
$result.ChangesApplied++
Write-Log -Level SUCCESS -Message "Registry setting applied" -Module "ModuleTemplate"
}
else {
$result.Errors += "Failed to apply registry setting"
Write-Log -Level ERROR -Message "Failed to apply registry setting" -Module "ModuleTemplate"
}
# Example: Configure a service
if (Test-ServiceExists -ServiceName "ExampleService") {
$serviceSuccess = Set-ServiceStartupType `
-ServiceName "ExampleService" `
-StartupType "Disabled" `
-BackupName "ModuleTemplate_Service"
if ($serviceSuccess) {
$result.ChangesApplied++
Write-Log -Level SUCCESS -Message "Service configured" -Module "ModuleTemplate"
}
else {
$result.Errors += "Failed to configure service"
Write-Log -Level ERROR -Message "Failed to configure service" -Module "ModuleTemplate"
}
}
}
# ========================================
# PHASE 3: VERIFY
# ========================================
if (-not $SkipVerify) {
Write-Log -Level INFO -Message "PHASE 3: Verifying changes" -Module "ModuleTemplate"
if ($DryRun) {
Write-Log -Level INFO -Message "[DRY RUN] Would verify all settings" -Module "ModuleTemplate"
$result.VerificationPassed = $true
}
else {
# Example: Verify registry setting
$actualValue = Get-RegistryValue `
-Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Example" `
-Name "ExampleSetting" `
-DefaultValue 0
if ($actualValue -eq 1) {
Write-Log -Level SUCCESS -Message "Registry setting verified" -Module "ModuleTemplate"
$result.VerificationPassed = $true
}
else {
$result.VerificationPassed = $false
$result.Errors += "Verification failed: Registry setting not applied correctly"
Write-Log -Level ERROR -Message "Verification failed" -Module "ModuleTemplate"
}
}
}
# ========================================
# PHASE 4: RESTORE (Only if errors occurred)
# ========================================
if ($result.Errors.Count -gt 0 -and -not $DryRun) {
Write-Log -Level WARNING -Message "PHASE 4: Errors detected, initiating rollback" -Module "ModuleTemplate"
# Restore from backup would go here
# This is handled by the Rollback.ps1 module
Write-Log -Level INFO -Message "Run Restore-AllBackups to undo changes" -Module "ModuleTemplate"
}
}
catch {
$result.Success = $false
$result.Errors += $_.Exception.Message
Write-Log -Level ERROR -Message "Module execution failed" -Module "ModuleTemplate" -Exception $_
}
}
end {
# Final status
if ($result.Errors.Count -eq 0) {
Write-Log -Level SUCCESS -Message "ModuleTemplate completed successfully" -Module "ModuleTemplate"
$result.Success = $true
}
else {
Write-Log -Level ERROR -Message "ModuleTemplate completed with errors" -Module "ModuleTemplate"
$result.Success = $false
}
Write-Log -Level INFO -Message "Changes applied: $($result.ChangesApplied)" -Module "ModuleTemplate"
Write-Log -Level INFO -Message "Errors: $($result.Errors.Count)" -Module "ModuleTemplate"
Write-Log -Level INFO -Message "Warnings: $($result.Warnings.Count)" -Module "ModuleTemplate"
return $result
}
}
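Review bot: In PHASE 1 a failed backup (`$null` from `Backup-RegistryKey`, or an exception) is recorded only in `$result.Warnings`, and PHASE 2 then writes the registry value and changes the service start type with no restore point. Unless `-SkipBackup` was given, the failure should go into `$result.Errors` and the apply step should be gated, e.g. `if ($result.Errors.Count -eq 0) { ... }` around the non-dry-run branch of PHASE 2. PHASE 3 checks only the registry value, not the `ExampleService` start type, and in a dry run sets `VerificationPassed = $true` although nothing was verified; leaving it `$false` there would keep the result honest. PHASE 4 logs "initiating rollback" but only tells the operator to run `Restore-AllBackups`, so the message should say that no automatic rollback happens.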