inspec/lib/resources/audit_policy.rb

# encoding: utf-8
# copyright: 2015, Vulcano Security GmbH
# license: All rights reserved

# Advanced Auditing:
# As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.
# reference: https://technet.microsoft.com/en-us/library/cc753632.aspx
# use:
#  - list all categories: Auditpol /list /subcategory:* /r
#  - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"
#  - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"
#
# @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
#
# Valid values are:
#
# - "No Auditing"
# - "Not Specified"
# - "Success"
# - "Success and Failure"
# - "Failure"
#
# Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx
#
# Usage:
#
# describe audit_policy do
#   its('Other Account Logon Events') { should_not eq 'No Auditing' }
# end

class AuditPolicy < Vulcano.resource(1)
  name 'audit_policy'

  def method_missing(method)
    key = method.to_s

    # expected result:
    # Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
    # WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
    result ||= vulcano.run_command("Auditpol /get /subcategory:'#{key}' /r").stdout

    # find line
    target = nil
    result.each_line {|s|
      target = s.strip if s.match(/\b.*#{key}.*\b/)
    }

    # extract value
    if target != nil
      # split csv values and return value
      value = target.split(',')[4]
    else
      value = nil
    end

    value
  end

  def to_s
    'Windows Advanced Auditing'
  end
end
update copyright header 2015-07-15 13:15:18 +00:00			`# encoding: utf-8`
			`# copyright: 2015, Vulcano Security GmbH`
			`# license: All rights reserved`

optimize comments for audit_policy resource 2015-09-05 20:45:43 +00:00			`# Advanced Auditing:`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`# As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`# reference: https://technet.microsoft.com/en-us/library/cc753632.aspx`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`# use:`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`# - list all categories: Auditpol /list /subcategory:* /r`
			`# - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"`
			`# - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`#`
			`# @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx`
optimize comments for audit_policy resource 2015-09-05 20:45:43 +00:00			`#`
			`# Valid values are:`
			`#`
			`# - "No Auditing"`
			`# - "Not Specified"`
			`# - "Success"`
			`# - "Success and Failure"`
			`# - "Failure"`
			`#`
			`# Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx`
			`#`
			`# Usage:`
			`#`
			`# describe audit_policy do`
			`# its('Other Account Logon Events') { should_not eq 'No Auditing' }`
			`# end`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`class AuditPolicy < Vulcano.resource(1)`
			`name 'audit_policy'`
refactor audit policy 2015-07-26 20:43:24 +00:00
			`def method_missing(method)`
			`key = method.to_s`

			`# expected result:`
			`# Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting`
			`# WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,`
rename backend reference @vulcano -> vulcano Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-30 02:33:15 +00:00			`result \|\|= vulcano.run_command("Auditpol /get /subcategory:'#{key}' /r").stdout`
refactor audit policy 2015-07-26 20:43:24 +00:00
			`# find line`
			`target = nil`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`result.each_line {\|s\|`
refactor audit policy 2015-07-26 20:43:24 +00:00			`target = s.strip if s.match(/\b.#{key}.\b/)`
			`}`

			`# extract value`
			`if target != nil`
			`# split csv values and return value`
			`value = target.split(',')[4]`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`else`
refactor audit policy 2015-07-26 20:43:24 +00:00			`value = nil`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`end`

refactor audit policy 2015-07-26 20:43:24 +00:00			`value`
			`end`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00
refactor audit policy 2015-07-26 20:43:24 +00:00			`def to_s`
migrate all of audit Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-08-28 23:04:52 +00:00			`'Windows Advanced Auditing'`
feature: add windows resources Signed-off-by: Dominik Richter <dominik.richter@gmail.com> 2015-04-17 13:37:17 +00:00			`end`
			`end`