inspec/lib/resources/audit_policy.rb

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# author: Christoph Hartmann
# author: Dominik Richter
# license: All rights reserved

# Advanced Auditing:
# As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.
# reference: https://technet.microsoft.com/en-us/library/cc753632.aspx
# use:
#  - list all categories: Auditpol /list /subcategory:* /r
#  - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"
#  - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"
#
# @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
#
# Valid values are:
#
# - "No Auditing"
# - "Not Specified"
# - "Success"
# - "Success and Failure"
# - "Failure"
#
# Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx
#
# Usage:
#
# describe audit_policy do
#   its('Other Account Logon Events') { should_not eq 'No Auditing' }
# end

class AuditPolicy < Inspec.resource(1)
  name 'audit_policy'

  def method_missing(method)
    key = method.to_s

    # expected result:
    # Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
    # WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
    result ||= inspec.command("Auditpol /get /subcategory:'#{key}' /r").stdout

    # find line
    target = nil
    result.each_line {|s|
      target = s.strip if s.match(/\b.*#{key}.*\b/)
    }

    # extract value
    values = nil
    unless target.nil?
      # split csv values and return value
      values = target.split(',')[4]
    end

    values
  end

  def to_s
    'Audit Policy'
  end
end
update copyright header 2015-07-15 13:15:18 +00:00			`# encoding: utf-8`
			`# copyright: 2015, Vulcano Security GmbH`
add author header 2015-10-06 16:55:44 +00:00			`# author: Christoph Hartmann`
			`# author: Dominik Richter`
update copyright header 2015-07-15 13:15:18 +00:00			`# license: All rights reserved`

optimize comments for audit_policy resource 2015-09-05 20:45:43 +00:00			`# Advanced Auditing:`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`# As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`# reference: https://technet.microsoft.com/en-us/library/cc753632.aspx`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`# use:`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`# - list all categories: Auditpol /list /subcategory:* /r`
			`# - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"`
			`# - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`#`
			`# @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx`
optimize comments for audit_policy resource 2015-09-05 20:45:43 +00:00			`#`
			`# Valid values are:`
			`#`
			`# - "No Auditing"`
			`# - "Not Specified"`
			`# - "Success"`
			`# - "Success and Failure"`
			`# - "Failure"`
			`#`
			`# Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx`
			`#`
			`# Usage:`
			`#`
			`# describe audit_policy do`
			`# its('Other Account Logon Events') { should_not eq 'No Auditing' }`
			`# end`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
rename vulcanosec -> inspec 2015-10-26 03:04:18 +00:00			`class AuditPolicy < Inspec.resource(1)`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`name 'audit_policy'`
refactor audit policy 2015-07-26 20:43:24 +00:00
			`def method_missing(method)`
			`key = method.to_s`

			`# expected result:`
			`# Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting`
			`# WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,`
rename vulcanosec -> inspec 2015-10-26 03:04:18 +00:00			`result \|\|= inspec.command("Auditpol /get /subcategory:'#{key}' /r").stdout`
refactor audit policy 2015-07-26 20:43:24 +00:00
			`# find line`
			`target = nil`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`result.each_line {\|s\|`
refactor audit policy 2015-07-26 20:43:24 +00:00			`target = s.strip if s.match(/\b.#{key}.\b/)`
			`}`

			`# extract value`
lint resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-09 16:37:16 +00:00			`values = nil`
			`unless target.nil?`
refactor audit policy 2015-07-26 20:43:24 +00:00			`# split csv values and return value`
lint resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-09 16:37:16 +00:00			`values = target.split(',')[4]`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`end`

lint resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-09-09 16:37:16 +00:00			`values`
refactor audit policy 2015-07-26 20:43:24 +00:00			`end`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
refactor audit policy 2015-07-26 20:43:24 +00:00			`def to_s`
add to_s methods to resources, fixes #98 2015-10-12 11:01:58 +00:00			`'Audit Policy'`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`end`
			`end`