tis-audit-local-admins

61
Audit local administrators

  Description 

  • package : tis-audit-local-admins
  • version : 61
  • architecture : all
  • categories :
  • maintainer : Simon Fonteneau
  • description : Audit local administrators
  • locale :
  • target_os :
  • min_os_version :
  • max_os_version :
  • min_wapt_version :
  • sources :
  • installed_size :
  • impacted_process :
  • description_fr : Audite les administrateurs locaux
  • description_pl :
  • description_de :
  • description_es :
  • description_pt :
  • description_it :
  • description_nl :
  • description_ru :
  • editor :
  • licence :
  • signature_date : 2020-10-13T15:26:32.091222

  Setup.py 

# -*- coding: utf-8 -*-
from setuphelpers import *
import win32security
import win32net
import os
import json

# WAPT convention: an audit-only package registers no uninstall key.
uninstallkey = []

# Path of the SID -> name JSON cache; filled in by audit() once the package's
# persistent folder is known.
audit_local_admins = None

# Domain of the account running this script. Raises KeyError at import time
# when USERDOMAIN is not set.
# NOTE(review): this is the environment of the account the WAPT service runs
# under, which is not necessarily the machine's AD domain (e.g. LocalSystem)
# - confirm on a domain-joined host before relying on it.
domain_name = os.environ['USERDOMAIN']

# Extra principals tolerated in the local Administrators group, on top of the
# built-in Administrator account and Domain Admins that audit() resolves
# itself. audit() compares them case-insensitively by name.
allow_admins_list = [
    '{}\\tisadmin'.format(get_computername()),
    '{}\\tis-adm'.format(domain_name),
]

# SID -> account name cache, loaded from and written back to
# audit_local_admins by audit().
dict_sid_name = {}


def install():
    """No-op: this package only audits, it installs nothing."""

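def audit():
    """Audit the membership of the local Administrators group.

    Builds the list of allowed principals - the built-in local Administrator
    account (RID 500), the domain's "Domain Admins" group (RID 512) and the
    entries of the module-level ``allow_admins_list`` - and compares it
    case-insensitively, by account name, with the current members of
    BUILTIN\\Administrators (well-known SID S-1-5-32-544).

    SID -> name resolutions are persisted in a JSON file under the package's
    persistent folder so that a later run can still name the accounts when
    the domain controller is unreachable.

    Returns:
        ``'OK'`` when every member is allowed, ``'ERROR'`` otherwise (or when
        the computer name exceeds 15 characters).

    Raises:
        Whatever ``get_domain_sid`` / ``get_name_with_sid`` raise when the
        domain SID or the Domain Admins name cannot be resolved and nothing is
        cached. This is deliberate: an audit that cannot resolve Domain Admins
        must not report ``'OK'``.

    Security note: membership is matched by name, not by SID, so any account
    carrying an allowed name is accepted; the allow list and the cache file
    are therefore part of the trusted configuration of this audit.
    """
    global dict_sid_name, audit_local_admins

    # The Net*/LookupAccountSid calls below take a NetBIOS-style computer
    # name; presumably that is why longer names are rejected up front.
    if len(get_computername()) > 15:
        print('Computer Name longer then 15 ')
        return "ERROR"

    audit_local_admins = makepath(install_location('WAPT_is1'), 'private', 'persistent', control.package_uuid, 'audit-local-admins-cache.json')

    # A missing or unreadable cache is not fatal: start from an empty map.
    try:
        dict_sid_name = cache_info()
    except Exception:
        dict_sid_name = {}

    # Localised name of the *local* built-in Administrators group - the group
    # whose membership is audited (not "Domain Admins").
    name_group_admin = get_name_with_sid('S-1-5-32-544')

    # Built-in local Administrator account: machine SID + well-known RID 500.
    machine_sid = win32security.ConvertSidToStringSid(
        win32net.NetUserModalsGet(get_computername(), 2)['domain_id'])
    local_administrator = str(get_computername() + '\\' + get_name_with_sid(machine_sid + '-500')).lower()

    # Membership below is an exact (case-insensitive) list lookup.
    # NOTE(review): the bare '<domain>\' entry can only match a member that is
    # literally named that way; it is kept as-is for compatibility. If a prefix
    # match over every domain account was intended, note that it would also
    # let any domain user pass the audit - confirm the intent before changing.
    allow_admin = [local_administrator, domain_name.lower() + '\\']

    # Domain Admins group: domain SID + well-known RID 512. Resolution
    # failures propagate on purpose (see docstring).
    allow_admin.append(str('%s\\%s' % (domain_name, get_name_with_sid('%s-512' % get_domain_sid()))).lower())

    # Operator-maintained exceptions, normalised to lower case like the rest.
    allow_admin.extend(entry.lower() for entry in allow_admins_list)

    # Persist the cache after the lookups above so fresh resolutions are kept.
    json_write_file(audit_local_admins, dict_sid_name)

    admins_users = local_group_members(name_group_admin)
    listerror = [user for user in admins_users if user.lower() not in allow_admin]
    if listerror:
        print('Bad user in admin list %s' % ','.join(listerror))
        return 'ERROR'
    print('List admins user : %s' % ' '.join(admins_users))
    return 'OK'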

def cache_info():
    """Load the SID -> name cache from the JSON file at ``audit_local_admins``.

    Returns whatever ``json_load_file`` parses. Any failure (missing or
    unreadable file, path still ``None``) propagates to the caller.
    """
    cache_path = audit_local_admins
    return json_load_file(cache_path)


# Get Name With SID
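def get_name_with_sid(osid):
    """Resolve a string SID to an account name, caching the result.

    Looks ``osid`` up on the local computer (``wincomputername()``), records
    the resolved name in the module-level ``dict_sid_name`` cache under
    ``osid`` and returns it. If the lookup fails (typically because the domain
    controller is unreachable) the name cached by an earlier run is returned
    instead; with no cached entry ``error()`` is called with the SID.

    Args:
        osid: SID in string form, e.g. ``'S-1-5-32-544'``.

    Returns:
        The account name without domain prefix, as returned by
        ``LookupAccountSid``, or the cached name on lookup failure. If
        ``error()`` does not raise (setuphelpers convention is that it does -
        confirm), ``None`` is returned.

    Security note: the cache is a plain JSON file; a stale or tampered cache
    changes which names this audit trusts when offline, so it must only be
    writable by administrators - presumably guaranteed by the WAPT private
    folder's permissions, confirm.
    """
    global dict_sid_name
    try:
        sid = win32security.GetBinarySid(osid)
        name, domain, typ = win32security.LookupAccountSid(wincomputername(), sid)
    except Exception:
        # Offline fallback: reuse the name recorded during an earlier run.
        if osid in dict_sid_name:
            return dict_sid_name[osid]
        error('Failed name resolution for %s' % osid)
    else:
        dict_sid_name[osid] = name
        return name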


# Found Domain SID
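def get_domain_sid():
    """Return the machine's domain SID as a string, with cache fallback.

    Asks a domain controller (``NetGetDCName()``) for the domain SID through
    ``NetUserModalsGet(..., 2)``, stores it in ``dict_sid_name`` under the key
    ``"get_domain_sid"`` and returns it. When no DC is reachable the value
    cached by a previous run is returned; with no cached value ``error()`` is
    called (and ``None`` is returned should ``error()`` not raise).

    Returns:
        The domain SID in string form, possibly from the cache.
    """
    global dict_sid_name
    try:
        umi2 = win32net.NetUserModalsGet(win32net.NetGetDCName(), 2)
        domain_sid = win32security.ConvertSidToStringSid(umi2['domain_id'])
    except Exception:
        # Offline fallback: trust the SID recorded during an earlier online run.
        if "get_domain_sid" in dict_sid_name:
            return dict_sid_name["get_domain_sid"]
        error('Domain SID is not available')
    else:
        dict_sid_name["get_domain_sid"] = domain_sid
        return domain_sid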



def update_package():
    """No-op: there is nothing to refresh for this audit-only package."""
										

  Changelog 


No changelog
  manifest.sha256 
[["Jenkinsfile","7df1c21c0457ce36ffccf44cfe24bda8881b274d88904efd15c8417606563e7c"],["setup.py","3e1d82426a0e31b51710e2c89e49900caae4270cd2a44820869b43f2a943efdc"],["WAPT/icon.png","4e424cf16b749d1dff5b232130000cd4b633399ee5dddce76f8d8a95117ae105"],["WAPT/wapt.psproj","510d3af6fcf8f2eae5db684bb830ea9845576e76872b9b10854efaea6e4a4cd8"],["WAPT/certificate.crt","a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf"],["WAPT/control","38e27bdc16bb82fcf01da9baca1c48f496be3f62ad48837046e649ee3ac80f62"]]