Merge branch 'ent-12678-plugin-pandora_basic_security_win-exe-no-genera-modulo-de-eventos-logon-en-idiomas-que-no' into 'develop'
Support languages for pandora_security_win auditpol See merge request artica/pandorafms!7132
commit
99efffa190
|
@ -1,6 +1,9 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
import wmi, sys, winreg, os, subprocess, json, re
|
import wmi, sys, winreg, os, subprocess, json, re
|
||||||
from datetime import datetime, timedelta
|
from datetime import datetime, timedelta
|
||||||
|
import argparse
|
||||||
|
import configparser
|
||||||
|
|
||||||
## Define modules
|
## Define modules
|
||||||
modules=[]
|
modules=[]
|
||||||
|
@ -333,22 +336,19 @@ def check_password_enforcement():
|
||||||
print("Failed to check password enforcement for users.", file=sys.stderr)
|
print("Failed to check password enforcement for users.", file=sys.stderr)
|
||||||
|
|
||||||
|
|
||||||
def check_login_audit_policy():
|
def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_conf, auditpol_logon_noaudit_conf):
|
||||||
try:
|
try:
|
||||||
# Run the auditpol command to check the audit policy for Logon/Logoff
|
# Run the auditpol command to check the audit policy for Logon/Logoff
|
||||||
cmd_command = "auditpol /get /subcategory:Logon"
|
cmd_command = f'auditpol /get /subcategory:"{auditpol_logon_category}"'
|
||||||
result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True)
|
result = subprocess.run(cmd_command, shell=True, capture_output=True, text=False, check=True)
|
||||||
last_line = result.stdout.strip().split('\n')[-1]
|
stdout = result.stdout.decode('cp850', errors='replace')
|
||||||
|
last_line = stdout.strip().split('\n')[-1]
|
||||||
cleaned_line = re.sub(' +', ' ', last_line)
|
cleaned_line = re.sub(' +', ' ', last_line)
|
||||||
|
|
||||||
# Interpret the result
|
# Interpret the result
|
||||||
if "Success and Failure" in result.stdout:
|
if auditpol_logon_success_conf in stdout:
|
||||||
result = 1
|
result = 1
|
||||||
elif "Aciertos y errores" in result.stdout:
|
elif auditpol_logon_noaudit_conf in stdout:
|
||||||
result = 1
|
|
||||||
elif "No Auditing" in result.stdout:
|
|
||||||
result = 0
|
|
||||||
elif "Sin auditoría" in result.stdout:
|
|
||||||
result = 0
|
result = 0
|
||||||
else:
|
else:
|
||||||
print("Unable to determine audit policy for Logon/Logoff events.", file=sys.stderr)
|
print("Unable to determine audit policy for Logon/Logoff events.", file=sys.stderr)
|
||||||
|
@ -366,14 +366,38 @@ def check_login_audit_policy():
|
||||||
print("Failed to check audit policy using auditpol command.", file=sys.stderr)
|
print("Failed to check audit policy using auditpol command.", file=sys.stderr)
|
||||||
return
|
return
|
||||||
|
|
||||||
|
def parse_parameter(config=None, key="", default=""):
|
||||||
|
try:
|
||||||
|
return config.get("CONF", key)
|
||||||
|
except Exception as e:
|
||||||
|
return default
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
|
||||||
|
# Parse arguments
|
||||||
|
parser = argparse.ArgumentParser(description= "", formatter_class=argparse.RawTextHelpFormatter)
|
||||||
|
parser.add_argument('--conf', help='Path to configuration file', metavar='<conf_file>', required=False)
|
||||||
|
args = parser.parse_args()
|
||||||
|
config = configparser.ConfigParser()
|
||||||
|
|
||||||
|
if(args.conf):
|
||||||
|
try:
|
||||||
|
with open(args.conf, 'r', encoding='utf-8') as f:
|
||||||
|
content = f.read()
|
||||||
|
config.read_string('[CONF]\n' + content)
|
||||||
|
except Exception as e:
|
||||||
|
print("Error while reading configuration file, using default values: "+str(e), file=sys.stderr)
|
||||||
|
|
||||||
|
auditpol_logon_category = parse_parameter(config, "auditpol_logon_category", "Logon")
|
||||||
|
auditpol_logon_success_conf = parse_parameter(config, "auditpol_logon_success_conf", "Success and Failure")
|
||||||
|
auditpol_logon_noaudit_conf = parse_parameter(config, "auditpol_logon_noaudit_conf", "No Auditing")
|
||||||
|
|
||||||
check_antivirus_status()
|
check_antivirus_status()
|
||||||
check_locksreen_enables()
|
check_locksreen_enables()
|
||||||
get_windows_update_info()
|
get_windows_update_info()
|
||||||
is_firewall_enabled()
|
is_firewall_enabled()
|
||||||
check_password_enforcement()
|
check_password_enforcement()
|
||||||
check_login_audit_policy()
|
check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_conf, auditpol_logon_noaudit_conf)
|
||||||
|
|
||||||
for module in modules:
|
for module in modules:
|
||||||
print_module(module, True)
|
print_module(module, True)
|
||||||
|
|
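Review bot: In `check_login_audit_policy`, `auditpol_logon_category` is now read from the `--conf` file and interpolated into a command string run with `shell=True`, so a value containing a double quote or `&` is interpreted by cmd.exe rather than passed to auditpol; this matters most if the conf file is writable by an account less privileged than the one running the plugin, which the page does not show. An argument list avoids the shell entirely: `subprocess.run(["auditpol", "/get", f"/subcategory:{auditpol_logon_category}"], capture_output=True, check=True)`. Separately, `parse_parameter` returns an empty string when a key is present but blank, and `"" in stdout` is always true, so a blank `auditpol_logon_success_conf` would report auditing as enabled; falling back with `return config.get("CONF", key) or default` closes that. The hard-coded `cp850` decode presumably matches Western European consoles only, so on other OEM code pages accented strings from the conf file may never match. The function body between the second and third hunks is not shown, so these points cover only the visible lines.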
|
@ -0,0 +1,8 @@
|
||||||
|
auditpol_logon_category = Logon
|
||||||
|
#auditpol_logon_category = Inicio de sesión
|
||||||
|
|
||||||
|
auditpol_logon_success_conf = Success and Failure
|
||||||
|
#auditpol_logon_success_conf = Aciertos y errores
|
||||||
|
|
||||||
|
auditpol_logon_noaudit_conf = No Auditing
|
||||||
|
#auditpol_logon_noaudit_conf = Sin auditoría
|
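Review bot: The new conf file carries no comment explaining that each value must match, character for character, the text `auditpol` prints in the host's display language, nor that the script opens it with `encoding='utf-8'`. A header such as `# Values must match the localized auditpol output exactly; save this file as UTF-8` would help, because a mismatch on an entry like `Sin auditoría` falls through to the "Unable to determine audit policy" branch. The script also falls back to the English defaults when the file cannot be read, which is worth stating in the same comment.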
|
@ -1,3 +1,3 @@
|
||||||
version https://git-lfs.github.com/spec/v1
|
version https://git-lfs.github.com/spec/v1
|
||||||
oid sha256:c58891fbd16bf80f288e0ff4751801aa02dbf4e6c914625b4d49a364c7e0b511
|
oid sha256:293dc77d39c303793a73bf83a2698c5886331f24b8abed4a40566474a64e3f60
|
||||||
size 7829249
|
size 7735667
|
||||||
|
|