2015-07-15 13:15:18 +00:00
|
|
|
# encoding: utf-8
|
|
|
|
# copyright: 2015, Vulcano Security GmbH
|
2015-10-06 16:55:44 +00:00
|
|
|
# author: Christoph Hartmann
|
|
|
|
# author: Dominik Richter
|
2015-07-15 13:15:18 +00:00
|
|
|
# license: All rights reserved
|
|
|
|
|
2015-09-05 20:45:43 +00:00
|
|
|
# Advanced Auditing:
|
2015-08-28 23:04:52 +00:00
|
|
|
# As soon as you start applying Advanced Audit Configuration Policy, legacy policies will be completely ignored.
|
2015-04-17 13:37:17 +00:00
|
|
|
# reference: https://technet.microsoft.com/en-us/library/cc753632.aspx
|
2015-08-28 23:04:52 +00:00
|
|
|
# use:
|
2015-04-17 13:37:17 +00:00
|
|
|
# - list all categories: Auditpol /list /subcategory:* /r
|
|
|
|
# - list parameters: Auditpol /get /category:"System" /subcategory:"IPsec Driver"
|
|
|
|
# - list specific parameter: Auditpol /get /subcategory:"IPsec Driver"
|
2015-08-28 23:04:52 +00:00
|
|
|
#
|
|
|
|
# @link: http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
|
2015-09-05 20:45:43 +00:00
|
|
|
#
|
|
|
|
# Valid values are:
|
|
|
|
#
|
|
|
|
# - "No Auditing"
|
|
|
|
# - "Not Specified"
|
|
|
|
# - "Success"
|
|
|
|
# - "Success and Failure"
|
|
|
|
# - "Failure"
|
|
|
|
#
|
|
|
|
# Further information is available at: https://msdn.microsoft.com/en-us/library/dd973859.aspx
|
|
|
|
#
|
|
|
|
# Usage:
|
|
|
|
#
|
|
|
|
# describe audit_policy do
|
|
|
|
# its('Other Account Logon Events') { should_not eq 'No Auditing' }
|
|
|
|
# end
|
2015-04-17 13:37:17 +00:00
|
|
|
|
2015-08-28 23:04:52 +00:00
|
|
|
class AuditPolicy < Vulcano.resource(1)
|
|
|
|
name 'audit_policy'
|
2015-07-26 20:43:24 +00:00
|
|
|
|
|
|
|
def method_missing(method)
|
|
|
|
key = method.to_s
|
|
|
|
|
|
|
|
# expected result:
|
|
|
|
# Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
|
|
|
|
# WIN-MB8NINQ388J,System,Kerberos Authentication Service,{0CCE9242-69AE-11D9-BED3-505054503030},No Auditing,
|
2015-10-05 16:54:47 +00:00
|
|
|
result ||= vulcano.command("Auditpol /get /subcategory:'#{key}' /r").stdout
|
2015-07-26 20:43:24 +00:00
|
|
|
|
|
|
|
# find line
|
|
|
|
target = nil
|
2015-08-28 23:04:52 +00:00
|
|
|
result.each_line {|s|
|
2015-07-26 20:43:24 +00:00
|
|
|
target = s.strip if s.match(/\b.*#{key}.*\b/)
|
|
|
|
}
|
|
|
|
|
|
|
|
# extract value
|
2015-09-09 16:37:16 +00:00
|
|
|
values = nil
|
|
|
|
unless target.nil?
|
2015-07-26 20:43:24 +00:00
|
|
|
# split csv values and return value
|
2015-09-09 16:37:16 +00:00
|
|
|
values = target.split(',')[4]
|
2015-04-17 13:37:17 +00:00
|
|
|
end
|
|
|
|
|
2015-09-09 16:37:16 +00:00
|
|
|
values
|
2015-07-26 20:43:24 +00:00
|
|
|
end
|
2015-04-17 13:37:17 +00:00
|
|
|
|
2015-07-26 20:43:24 +00:00
|
|
|
def to_s
|
2015-10-12 11:01:58 +00:00
|
|
|
'Audit Policy'
|
2015-04-17 13:37:17 +00:00
|
|
|
end
|
|
|
|
end
|