inspec/lib/resources/security_policy.rb

71 lines
1.6 KiB
Ruby
Raw Normal View History

2015-09-03 18:36:46 +00:00
# encoding: utf-8
# Security Configuration and Analysis
#
# Export local security policy:
# secedit /export /cfg secpol.cfg
#
# @link http://www.microsoft.com/en-us/download/details.aspx?id=25250
#
# In Windows, some security options are managed differently that the local GPO
# All local GPO parameters can be examined via Registry, but not all security
# parameters. Therefore we need a combination of Registry and secedit output
class SecurityPolicy < Vulcano.resource(1)
name 'security_policy'
2015-07-26 10:30:12 +00:00
def initialize
@loaded = false
@policy = nil
@exit_status = nil
end
2015-07-26 10:30:12 +00:00
# load security content
def load
# export the security policy
vulcano.command('secedit /export /cfg win_secpol.cfg')
2015-07-26 10:30:12 +00:00
# store file content
command_result ||= vulcano.command('type win_secpol.cfg')
2015-07-26 10:30:12 +00:00
# delete temp file
vulcano.command('del win_secpol.cfg')
2015-07-26 10:30:12 +00:00
@exit_status = command_result.exit_status.to_i
@policy = command_result.stdout
@loaded = true
2015-07-26 10:30:12 +00:00
# returns self
self
end
2015-07-26 10:30:12 +00:00
def method_missing(method)
# load data if needed
if (@loaded == false)
2015-07-26 10:30:12 +00:00
load
end
2015-07-26 10:30:12 +00:00
# find line with key
key = Regexp.escape(method.to_s)
2015-09-03 21:18:28 +00:00
target = ''
@policy.each_line {|s|
target = s.strip if s.match(/^\s*#{key}\s*=\s*(.*)\b/)
2015-07-26 10:30:12 +00:00
}
# extract variable value
result = target.match(/[=]{1}\s*(?<value>.*)/)
if !result.nil?
val = result[:value]
val = val.to_i if val.match(/^\d+$/)
else
2015-09-04 07:59:30 +00:00
# TODO: we may need to return skip or failure if the
2015-07-26 10:30:12 +00:00
# requested value is not available
val = nil
end
2015-07-26 10:30:12 +00:00
val
end
2015-07-26 10:30:12 +00:00
def to_s
2015-09-05 14:07:54 +00:00
%{Security Policy}
2015-07-26 10:30:12 +00:00
end
end