tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 16:24:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Debugging

Browse Source
This commit is contained in:
Enrique Martin 2024-04-08 12:43:33 +02:00
parent 6725bb6da6
commit d46533e9d7
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
View File

@ -340,8 +340,9 @@ def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_con
try: try:
# Run the auditpol command to check the audit policy for Logon/Logoff # Run the auditpol command to check the audit policy for Logon/Logoff
cmd_command = f'auditpol /get /subcategory:"{auditpol_logon_category}"' cmd_command = f'auditpol /get /subcategory:"{auditpol_logon_category}"'
result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True) result = subprocess.run(cmd_command, shell=True, capture_output=True, text=True, check=True, encoding='utf-8')
last_line = result.stdout.strip().split('\n')[-1].strip() last_line = result.stdout.strip().split('\n')[-1].strip()
cleaned_line = re.sub(' +', ' ', last_line)
# Interpret the result # Interpret the result
if auditpol_logon_success_conf in result.stdout: if auditpol_logon_success_conf in result.stdout:
@ -356,7 +357,7 @@ def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_con
"type" : "generic_proc", "type" : "generic_proc",
"value": result, "value": result,
"module_group": "security", "module_group": "security",
"desc" : f"Check if the logon events audit log is enables, status: {last_line}", "desc" : f"Check if the logon events audit log is enables, status: {cleaned_line}",
}) })
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e: