Merge branch 'ent-12678-plugin-pandora_basic_security_win-exe-no-genera-modulo-de-eventos-logon-en-idiomas-que-no' into 'develop'

Support languages for pandora_security_win auditpol See merge request artica/pandorafms!7132
2024-04-10 08:11:16 +00:00 · 2024-04-10 08:11:16 +00:00 · 99efffa190
parent 2593241f66 34d9f66493
commit 99efffa190
3 changed files with 46 additions and 14 deletions
--- a/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
+++ b/pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
@ -1,6 +1,9 @@
+# -*- coding: utf-8 -*-
+
 import wmi, sys, winreg, os, subprocess, json, re
 from datetime import datetime, timedelta
-
+import argparse
+import configparser

 ## Define modules
 modules=[]
@ -333,22 +336,19 @@ def check_password_enforcement():
        print("Failed to check password enforcement for users.",  file=sys.stderr)


-def check_login_audit_policy():
+def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_conf, auditpol_logon_noaudit_conf):
    try:
        # Run the auditpol command to check the audit policy for Logon/Logoff
-        cmd_command = "auditpol /get /subcategory:Logon"
-        result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True)
-        last_line = result.stdout.strip().split('\n')[-1]
+        cmd_command = f'auditpol /get /subcategory:"{auditpol_logon_category}"'
+        result = subprocess.run(cmd_command, shell=True, capture_output=True, text=False, check=True)
+        stdout = result.stdout.decode('cp850', errors='replace')
+        last_line = stdout.strip().split('\n')[-1]
        cleaned_line = re.sub(' +', ' ', last_line)
        
        # Interpret the result
-        if "Success and Failure" in result.stdout:
+        if auditpol_logon_success_conf in stdout:
            result = 1
-        elif "Aciertos y errores" in result.stdout:
-            result = 1
-        elif "No Auditing" in result.stdout:
-            result = 0
-        elif "Sin auditoría" in result.stdout:
+        elif auditpol_logon_noaudit_conf in stdout:
            result = 0
        else:
            print("Unable to determine audit policy for Logon/Logoff events.", file=sys.stderr)
@ -366,14 +366,38 @@ def check_login_audit_policy():
        print("Failed to check audit policy using auditpol command.", file=sys.stderr)
        return

+def parse_parameter(config=None, key="", default=""):
+    try:
+        return config.get("CONF", key)
+    except Exception as e:
+        return default

 if __name__ == "__main__":
+
+    # Parse arguments
+    parser = argparse.ArgumentParser(description= "", formatter_class=argparse.RawTextHelpFormatter)
+    parser.add_argument('--conf', help='Path to configuration file', metavar='<conf_file>', required=False)
+    args = parser.parse_args()
+    config = configparser.ConfigParser()
+
+    if(args.conf):
+        try:
+            with open(args.conf, 'r', encoding='utf-8') as f:
+                content = f.read()
+                config.read_string('[CONF]\n' + content)
+        except Exception as e:
+            print("Error while reading configuration file, using default values: "+str(e), file=sys.stderr)
+
+    auditpol_logon_category     = parse_parameter(config, "auditpol_logon_category", "Logon")
+    auditpol_logon_success_conf = parse_parameter(config, "auditpol_logon_success_conf", "Success and Failure")
+    auditpol_logon_noaudit_conf = parse_parameter(config, "auditpol_logon_noaudit_conf", "No Auditing")
+
    check_antivirus_status()
    check_locksreen_enables()
    get_windows_update_info()
    is_firewall_enabled()
    check_password_enforcement()
-    check_login_audit_policy()
+    check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_conf, auditpol_logon_noaudit_conf)

    for module in modules:
        print_module(module, True)
--- a/pandora_agents/win32/bin/util/pandora_security_win.conf
+++ b/pandora_agents/win32/bin/util/pandora_security_win.conf
@ -0,0 +1,8 @@
+auditpol_logon_category = Logon
+#auditpol_logon_category = Inicio de sesión
+
+auditpol_logon_success_conf = Success and Failure
+#auditpol_logon_success_conf = Aciertos y errores
+
+auditpol_logon_noaudit_conf = No Auditing
+#auditpol_logon_noaudit_conf = Sin auditoría
--- a/pandora_agents/win32/bin/util/pandora_security_win.exe
+++ b/pandora_agents/win32/bin/util/pandora_security_win.exe
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:c58891fbd16bf80f288e0ff4751801aa02dbf4e6c914625b4d49a364c7e0b511
-size 7829249
+oid sha256:293dc77d39c303793a73bf83a2698c5886331f24b8abed4a40566474a64e3f60
+size 7735667