mirror of
https://github.com/inspec/inspec
synced 2024-11-15 01:17:08 +00:00
72 lines
1.6 KiB
Ruby
72 lines
1.6 KiB
Ruby
# Security Configuration and Analysis
|
|
#
|
|
# Export local security policy:
|
|
# secedit /export /cfg secpol.cfg
|
|
#
|
|
# @link http://www.microsoft.com/en-us/download/details.aspx?id=25250
|
|
#
|
|
# In Windows, some security options are managed differently that the local GPO
|
|
# All local GPO parameters can be examined via Registry, but not all security
|
|
# parameters. Therefore we need a combination of Registry and secedit output
|
|
|
|
include Serverspec::Type
|
|
|
|
class SecurityPolicy < Serverspec::Type::Base
|
|
|
|
# static variable, shared across all instances
|
|
@@loaded = false
|
|
@@policy = nil
|
|
@@exit_status = nil
|
|
|
|
# load security content
|
|
def load
|
|
# export the security policy
|
|
@runner.run_command('secedit /export /cfg win_secpol.cfg')
|
|
# store file content
|
|
command_result ||= @runner.run_command('type win_secpol.cfg')
|
|
# delete temp file
|
|
@runner.run_command('del win_secpol.cfg')
|
|
|
|
@@exit_status = command_result.exit_status.to_i
|
|
@@policy = command_result.stdout
|
|
|
|
@@loaded = true
|
|
|
|
# returns self
|
|
self
|
|
end
|
|
|
|
def method_missing(method)
|
|
|
|
# load data if needed
|
|
if (@@loaded == false)
|
|
load
|
|
end
|
|
|
|
# find line with key
|
|
key = method.to_s
|
|
target = ""
|
|
@@policy.each_line {|s|
|
|
target = s.strip if s.match(/\b#{key}\s*=\s*(.*)\b/)
|
|
}
|
|
|
|
# extract variable value
|
|
result = target.match(/[=]{1}\s*(?<value>.*)/)
|
|
|
|
if !result.nil?
|
|
val = result[:value]
|
|
val = val.to_i if val.match(/^\d+$/)
|
|
else
|
|
# TODO we may need to return skip or failure if the
|
|
# requested value is not available
|
|
val = nil
|
|
end
|
|
|
|
val
|
|
end
|
|
|
|
def to_s
|
|
%Q[Security Policy]
|
|
end
|
|
|
|
end
|