Releases: TheAbider/RackStack
Releases · TheAbider/RackStack
RackStack v1.44.0
What's New
- FirewallAudit CLI action —
RackStack.exe -Action FirewallAudit -OutputFormat JSONaudits Windows Firewall configuration: profile status (Domain/Private/Public), rule counts by direction and action, top inbound allow groups. Flags disabled profiles and permissive Public profile settings. Exits code 1 when firewall issues detected. - TaskAudit CLI action —
RackStack.exe -Action TaskAudit -OutputFormat JSONaudits non-Microsoft scheduled tasks for health. Reports task state, last run time, and result code. Classifies each task as OK (exit 0), Failed (non-zero exit excluding running/queued), or NeverRun. Exits code 1 when failed tasks detected. - Performance: Invoke-WithTimeout rewritten to use runspaces instead of Start-Job — eliminates process-spawn overhead on all ~50 timeout-wrapped operations. Server Readiness Dashboard and other CIM queries now start instantly instead of waiting for job initialization.
- Hardened: FirewallAudit logs a warning when firewall rule enumeration fails instead of silently swallowing the error. TaskAudit shows an informational message when no non-Microsoft scheduled tasks exist, and uses safe
@()count wrapping for PowerShell 5.1 compatibility.
35 CLI actions | 65 modules | 56,260 lines | 3,253 tests | 0 PSSA errors
SHA256 Checksums
f6129a26ad235cb11f7b72e192891f7dd396687ceeb33d46ac44f84382f5c0ae RackStack.exe
87493e34d91f38e5f7a2ef96a74f905447c642dc1c88ab5046fc5deed1b67df3 RackStack v1.44.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json
RackStack v1.43.0
What's New
- PatchStatus — Reports patch currency via hotfix history and Windows Update query. Classifies as OK (under 30 days), Warning (30-60 days), or Critical (60+ days). Detects pending reboots. Exits code 1 on Critical or pending reboot — usable as a compliance gate.
- UserAudit — Audits all local user accounts for security hygiene. Detects stale accounts, old/expired passwords, never-logged-in users, and Administrators group membership. Configurable thresholds. Exits code 1 when issues detected.
Usage
# Check patch currency
RackStack.exe -Action PatchStatus -OutputFormat JSON -Silent
# Audit local users with custom thresholds (pwd age 180 days, stale login 60 days)
RackStack.exe -Action UserAudit -Config "180,60" -OutputFormat JSON -Silent
# Fleet-wide patch check
RackStack.exe -Action FleetScan -Config "fleet-patchstatus.json" -OutputFormat JSONStats
- 65 modules, 3214 tests, 56045-line monolithic, 33 CLI actions
SHA256 Checksums
6bc2051bf93c900103707696c54385033d5ec26ac5be8f14e572e0c68e64d28d RackStack.exe
4857c7aa2f2ab274642ec73179248175e15d35aaae8c6f80785e682af8d1daa0 RackStack v1.43.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json
RackStack v1.42.0
What's New
- Alert — Detect threshold breaches or configuration drift, then dispatch notifications via webhook (Slack, Teams, generic JSON POST), email (SMTP), or Windows Event Log. Sub-commands: Watch (default), Diff, Test.
- FleetScan — Execute any RackStack action across multiple remote servers via WinRM. Configurable parallelism, per-host timeout, and optional result persistence. Turns any single-server CLI action into a fleet-wide operation.
Usage
# Alert: notify on Watch threshold breaches
RackStack.exe -Action Alert -Config "alert-config.json" -OutputFormat JSON
# Alert: notify on Diff changes
RackStack.exe -Action Alert -Config "alert-config.json" -Tier Diff -OutputFormat JSON
# Alert: send test notification
RackStack.exe -Action Alert -Config "alert-config.json" -Tier Test
# FleetScan: run Watch across fleet
RackStack.exe -Action FleetScan -Config "fleet-config.json" -OutputFormat JSONStats
- 65 modules, 3184 tests, 55806-line monolithic, 31 CLI actions
SHA256 Checksums
296cb7609333c42f4e504349e03e822032f943bbe36ac2ac35736b66f59b0cce RackStack.exe
eaff9d52c518e42c18107a264c292d435d97cbf7abf223166253db6c231dba42 RackStack v1.42.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json
RackStack v1.41.0
What's New
- Diff — Deep-diff two Export JSON profiles across 8 sections (Software, ListeningPorts, Services, Certificates, Network, Hardening, Health, Uptime). Exits code 1 when changes detected, making it a CI/pipeline drift gate.
- Baseline — Capture a full Export profile as a timestamped baseline file. Sub-commands: Save (default), Status. Pairs with Diff for change detection against known-good state.
Usage
# Capture baseline
RackStack.exe -Action Baseline -Config "C:\baselines" -Silent
# Check baseline status
RackStack.exe -Action Baseline -Config "C:\baselines" -Tier Status -OutputFormat JSON
# Diff two exports
RackStack.exe -Action Diff -Config "old_export.json,new_export.json" -OutputFormat JSONStats
- 65 modules, 3110 tests, 55214-line monolithic, 29 CLI actions
SHA256 Checksums
7ff27a2362273ed8875b52bd7480bed3a5734cf26c2e4782b508040357a0fdd3 RackStack.exe
a2b5fcf80bd03a5eaa320cacea60b7af594ece32ac71070b26ba6527740ad822 RackStack v1.41.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json
v1.40.0 — Watch + Query
What's New
- Watch CLI action — threshold-based monitoring health gate (CPU, memory, disk, uptime, certificates, services, events)
- Query CLI action — search fleet export archives with expression syntax
See Changelog for details.
See CLI Automation wiki for usage.
SHA256 Checksums
564fa32645874e77729944aa948f4e69609c502388964eed91da9cc06776fe2d RackStack.exe
384c5d4a659af4be67000914b00b03933ef6ae2f5479247b2dc70572f5394b68 RackStack v1.40.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json
27 CLI actions | 65 modules | 3048 tests | 54819 monolithic lines
v1.39.0 — ScheduledExport + ValidateConfig
What's New
- ScheduledExport CLI action — register automated Export scheduled tasks (Hourly/Daily/Weekly) with optional section filtering
- ValidateConfig CLI action — pre-flight validation of batch config JSON files
See Changelog for details.
See CLI Automation wiki for usage.
SHA256 Checksums
0858e5bdadab631b3d76bc5f3818b8c32d44a734574dbf9abe84415f12aff7b5 RackStack.exe
647d01c20e232918a27afbdf017101965769171db36b94da397aaea3fb5aac1c RackStack v1.39.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json
25 CLI actions | 65 modules | 3001 tests | 54395 monolithic lines
RackStack v1.38.0
Export: 11-Section Profile + Section Filtering
Expanded Export (11 sections)
Export now captures a complete server profile in a single command. Three new sections added:
| Section | Data |
|---|---|
| Services | Key service status audit (configurable via defaults.json MonitoredServices) |
| Events | Critical/Error event log summary from last 24 hours |
| Network | Adapter configuration: IPv4, gateway, DNS, VLAN, NIC error counters |
Section Filtering via -Config
Run only the sections you need:
# Full 11-section export (default)
.\RackStack.exe -Action Export -OutputFormat JSON
# Quick security audit
.\RackStack.exe -Action Export -Config "Hardening,Certificates,ListeningPorts,Services" -OutputFormat JSON
# Network-only
.\RackStack.exe -Action Export -Config "Network,NetInfo" -OutputFormat JSONValid sections: Health, Inventory, Hardening, Snapshot, Certificates, ListeningPorts, Software, Uptime, Services, Events, Network
The JSON output now includes a Sections array showing which sections were included, and only contains keys for the sections that were run.
65 modules, 23 CLI actions, 2962 tests.
SHA256 Checksums
a243befaca5bd74f077e2ba7d488843909c7b2c5ac25f9cd6d3fbcd98f376cc0 RackStack.exe
09dace7facd74a2251d5f4063be3df7d241e781d98b1197934743d22fdd545b6 RackStack v1.38.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json
RackStack v1.37.0
ServiceAudit, EventAudit, NetInfo — Fleet Monitoring & Network Visibility
Three new CLI actions for fleet-wide monitoring and network configuration auditing:
ServiceAudit
Audits key Windows services against a configurable monitored service list (from defaults.json or built-in fallback). Reports status, startup type, and flags misconfigured services (Automatic but Stopped). Exits with code 1 when any automatic service is not running — suitable for monitoring/alerting pipelines.
.\RackStack.exe -Action ServiceAudit -OutputFormat JSONEventAudit
Scans System and Application event logs for Critical (Level 1) and Error (Level 2) events. Configurable time window via -Config <hours> (default: 24h). Groups errors by source for quick triage.
.\RackStack.exe -Action EventAudit -Config 48 -OutputFormat JSONNetInfo
Captures network adapter configuration: status, link speed, IPv4 addresses with prefix length, gateway, DNS servers, VLAN ID, and NIC error counters (InErrors/OutErrors). Fast network audit without full Inventory overhead.
.\RackStack.exe -Action NetInfo -OutputFormat JSON65 modules, 23 CLI actions, 2963 tests.
SHA256 Checksums
cf10f0415a7ac6d3cafd001944f6d9d8813e0490f908732979dff608bc2dc3b9 RackStack.exe
8b7524e246d88e9a49bdc3f97bacf88b83d1a24850a580fd0a8a93389c6edb00 RackStack v1.37.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json
RackStack v1.36.0
Enhanced Export: Comprehensive 8-Section Server Profile
Export CLI action expanded from 4 to 8 sections. A single -Action Export -OutputFormat JSON now captures a complete host profile in one pass:
- Health — system health check
- Inventory — server hardware, OS, roles, volumes
- Hardening — CIS-lite security posture score + per-check details
- Snapshot — real-time CPU, memory, disk performance counters
- Certificates — expiry audit across 5 stores (Expired/Critical/Warning/Expiring/Valid)
- ListeningPorts — TCP listeners with process names and service labels
- Software — installed software from both 64-bit and 32-bit registry hives
- Uptime — CIM uptime with status classification + reboot history (planned + unexpected)
65 modules, 2923 tests.
SHA256 Checksums
9ffa8d6b2f277741c201d8f5b74a41f9517d6095ba3ad9b9cdda04ac5822f284 RackStack.exe
d344a47bf87a4d5bc1ca4a3464e4b77136194be490837ac696e9c242cbc2e24a RackStack v1.36.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json
v1.35.0 — Fleet Visibility (ListeningPorts + SoftwareList + Uptime)
RackStack v1.35.0
ListeningPorts + SoftwareList + Uptime CLI actions — fleet visibility and security auditing.
What's New
- ListeningPorts action — scans all TCP listening endpoints with process mapping and well-known service labels (RDP, SMB, WinRM, DNS, HTTP, HTTPS, MSSQL, iSCSI). Fleet-wide attack surface monitoring.
- SoftwareList action — installed software inventory from both 64-bit and 32-bit registry hives. Deduplicates entries, groups by publisher. Detect rogue installs and verify compliance across fleets.
- Uptime action — current uptime with status classification (OK/Warning/Critical) plus reboot history from Windows event log. Detects planned restarts (Event ID 1074) and unexpected shutdowns (Event ID 6008).
CLI Usage
# Listening port inventory
RackStack.exe -Action ListeningPorts -OutputFormat JSON -Silent
# Installed software audit
RackStack.exe -Action SoftwareList -OutputFormat JSON -Silent
# Uptime and reboot history
RackStack.exe -Action Uptime -OutputFormat JSON -SilentStats
- 20 CLI actions: Cleanup, Debloat, HealthCheck, QuickScan, Inventory, DriftCheck, Snapshot, Compliance, Harden, Remediate, Aggregate, Compare, Export, Trend, CertCheck, ReportHTML, ListeningPorts, SoftwareList, Uptime, Batch
- 2910 tests (all passing)
- 65 modules
SHA256 Checksums
ea9f8ff36535652cde307bb30bae64b48c929e61c05ef3a600cd87d5cdd7138a RackStack.exe
ac40cf9c6869a2eda970f69eaf815c6030f07628ff073b5282ebb0d45cf7dbc0 RackStack v1.35.0.ps1
8440505dbf510bf25c11a17576b577ec3df6ce2b7203c31b62e6c765a4381907 defaults.example.json