Debugging

Enrique Martin 2024-04-08 13:44:48 +02:00
parent 96243ab530
commit 85167b2d47
1 changed files with 5 additions and 4 deletions


@ -341,13 +341,14 @@ def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_con
# Run the auditpol command to check the audit policy for Logon/Logoff
cmd_command = f'auditpol /get /subcategory:"{auditpol_logon_category}"'
result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True)
last_line = result.stdout.encode(sys.getdefaultencoding()).decode('utf-8').strip().split('\n')[-1].strip()
last_line = result.stdout.strip().split('\n')[-1].strip()
last_line_parts = re.split(r'\s\s+', last_line)
cleaned_line = re.sub(' +', ' ', last_line)
# Interpret the result
if auditpol_logon_success_conf.encode(sys.getdefaultencoding()).decode('utf-8') in result.stdout:
if auditpol_logon_success_conf.encode(sys.getdefaultencoding()) == last_line_parts[1].encode(sys.getdefaultencoding()):
result = 1
elif auditpol_logon_noaudit_conf.encode(sys.getdefaultencoding()).decode('utf-8') in result.stdout:
elif auditpol_logon_noaudit_conf.encode(sys.getdefaultencoding()) == last_line_parts[1].encode(sys.getdefaultencoding()):
result = 0
else:
print("Unable to determine audit policy for Logon/Logoff events.", file=sys.stderr)
@ -381,7 +382,7 @@ if __name__ == "__main__":
if(args.conf):
try:
with open(args.conf, 'r', encoding='utf-8') as f:
with open(args.conf, 'r', encoding=sys.getdefaultencoding()) as f:
content = f.read()
config.read_string('[CONF]\n' + content)
except Exception as e:
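Review bot: The new comparisons in the first hunk index `last_line_parts[1]` without checking that the split produced at least two fields, so an empty or single-column last line from auditpol raises IndexError instead of reaching the "Unable to determine audit policy" branch; binding `setting = last_line_parts[1] if len(last_line_parts) > 1 else ''` before the `if` and comparing against `setting` would keep a parsing failure on the reporting path. Encoding both operands with `sys.getdefaultencoding()` does not change the outcome of `==`, and on Python 3 that function always returns 'utf-8', so the `open(args.conf, 'r', encoding=sys.getdefaultencoding())` line in the second hunk behaves the same as the line it replaces; if the intent was the system code page, that is `locale.getpreferredencoding(False)`, which needs `import locale` (the import block is not visible here). The unchanged context line still builds the command as a string and runs it with `shell=True`, using a category value that appears to come from the configuration file; passing `['auditpol', '/get', f'/subcategory:{auditpol_logon_category}']` without `shell=True` would keep that value out of shell parsing. check_login_audit_policy starts and ends outside the hunk, so an enclosing try/except may already cover the index error.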