tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Debugging

This commit is contained in:
Enrique Martin 2024-04-09 14:12:18 +02:00
parent ffef2e0e10
commit db0ca68b81
1 changed files with 7 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
pandora_agents/plugins/windows/pandora_security_win/src/pandora_security_win.py
View File

@ -4,7 +4,6 @@ import wmi, sys, winreg, os, subprocess, json, re
from datetime import datetime, timedelta from datetime import datetime, timedelta
import argparse import argparse
import configparser import configparser
import locale
## Define modules ## Define modules
modules=[] modules=[]
@ -340,26 +339,16 @@ def check_password_enforcement():
def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_conf, auditpol_logon_noaudit_conf): def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_conf, auditpol_logon_noaudit_conf):
try: try:
# Run the auditpol command to check the audit policy for Logon/Logoff # Run the auditpol command to check the audit policy for Logon/Logoff
cmd_command = f'auditpol /get /subcategory:"{auditpol_logon_category.encode("utf-8").decode("utf-8")}"' cmd_command = f'auditpol /get /subcategory:"{auditpol_logon_category}"'
result = subprocess.run(cmd_command, shell=True, capture_output=True, text=False, check=True) result = subprocess.run(cmd_command, shell=True, capture_output=True, text=False, check=True)
stdout = result.stdout.decode('cp850', errors='replace')
print(result.stdout) last_line = stdout.strip().split('\n')[-1]
print(auditpol_logon_success_conf)
last_line = result.stdout.strip().split('\n')[-1].strip()
last_line_parts = re.split(r'\s\s+', last_line)
cleaned_line = re.sub(' +', ' ', last_line) cleaned_line = re.sub(' +', ' ', last_line)
print(locale.getpreferredencoding())
print(last_line_parts[1])
print(last_line_parts[1].encode(locale.getpreferredencoding()))
print(auditpol_logon_success_conf)
print(auditpol_logon_success_conf.encode(locale.getpreferredencoding()))
# Interpret the result # Interpret the result
if auditpol_logon_success_conf.encode(locale.getpreferredencoding()) == last_line_parts[1].encode(locale.getpreferredencoding()): if auditpol_logon_success_conf in stdout:
result = 1 result = 1
elif auditpol_logon_noaudit_conf.encode(locale.getpreferredencoding()) == last_line_parts[1].encode(locale.getpreferredencoding()): elif auditpol_logon_noaudit_conf in stdout:
result = 0 result = 0
else: else:
print("Unable to determine audit policy for Logon/Logoff events.", file=sys.stderr) print("Unable to determine audit policy for Logon/Logoff events.", file=sys.stderr)
@ -369,7 +358,7 @@ def check_login_audit_policy(auditpol_logon_category, auditpol_logon_success_con
"type" : "generic_proc", "type" : "generic_proc",
"value": result, "value": result,
"module_group": "security", "module_group": "security",
"desc" : f"Check if the logon events audit log is enables, status: {cleaned_line}", "desc" : f"Check if the logon events audit log is enables, status:{cleaned_line}",
}) })
except subprocess.CalledProcessError as e: except subprocess.CalledProcessError as e:
@ -393,7 +382,7 @@ if __name__ == "__main__":
if(args.conf): if(args.conf):
try: try:
with open(args.conf, 'r', encoding=locale.getpreferredencoding()) as f: with open(args.conf, 'r', encoding='utf-8') as f:
content = f.read() content = f.read()
config.read_string('[CONF]\n' + content) config.read_string('[CONF]\n' + content)
except Exception as e: except Exception as e: