tis-audit-local-admins

70-4
Auditing local administrators

  Description 

  • package : tis-audit-local-admins
  • version : 70-4
  • architecture : all
  • categories : Security
  • maintainer : Simon Fonteneau
  • description : Auditing local administrators
  • locale :
  • target_os : windows
  • min_os_version :
  • max_os_version :
  • min_wapt_version : 1.7
  • sources :
  • installed_size :
  • impacted_process :
  • description_fr : Auditer les administrateurs locaux
  • description_pl :
  • description_de :
  • description_es :
  • description_pt :
  • description_it :
  • description_nl :
  • description_ru :
  • editor :
  • licence :
  • signature_date : 2020-10-16T11:09:54.942637

  Setup.py 

# -*- coding: utf-8 -*-
from setuphelpers import *
import win32security
import win32net
import os
import json

uninstallkey = []


# Path of the SID->name cache file; set by audit() once the WAPT install
# location is known.
audit_local_admins = None
# Domain name of the machine, read from the environment
domain_name = os.environ['USERDOMAIN']

# Accounts allowed to sit in the local administrators group, on top of the
# built-in local administrator and the "domain admins" group that audit()
# adds itself.
allow_admins_list = [
    get_computername() + '\\tisadmin',
    domain_name + '\\tis-adm',
]

# SID (string) -> account name cache, filled by get_name_with_sid() and
# get_domain_sid() and persisted by audit()
dict_sid_name = {}


def install():
    """Nothing to install: this package does its work in audit()."""
    return None

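def audit():
    """Check the members of the local administrators group against an allow list.

    The allow list is made of the built-in local administrator account
    (RID 500), the "domain admins" group (RID 512) and the entries of
    ``allow_admins_list``; all comparisons are case-insensitive.  Every
    member of the local administrators group that is not on the list is
    reported.

    Returns:
        'OK' when every member is allowed; 'ERROR' when an unexpected member
        is found or the computer name is longer than 15 characters.  The
        offending members (or, on success, all members) are printed as a
        comma-separated list.

    Side effects:
        Loads the SID->name cache from ``audit_local_admins`` and writes it
        back with whatever get_name_with_sid()/get_domain_sid() resolved, so
        a later run can still name the accounts when the domain controller
        is unreachable.
    """
    global dict_sid_name, audit_local_admins

    # NetBIOS computer names are at most 15 characters; longer names are
    # rejected up front (presumably because the NetUserModalsGet /
    # LookupAccountSid calls below rely on the NetBIOS name).
    if len(get_computername()) > 15:
        print('Computer Name longer then 15 ')
        return "ERROR"

    audit_local_admins = makepath(install_location('WAPT_is1'), 'private', 'persistent',
                                  control.package_uuid, 'audit-local-admins-cache.json')

    # Best effort: the cache is only a fallback for failed SID lookups (see
    # get_name_with_sid), so a missing or corrupt cache file is not fatal.
    try:
        dict_sid_name = cache_info()
    except Exception:
        dict_sid_name = {}

    # Localised name of the local administrators group (well-known SID)
    name_group_admin = get_name_with_sid('S-1-5-32-544')

    # Built-in local administrator account: RID 500 under the machine SID
    machine_sid = win32security.ConvertSidToStringSid(
        win32net.NetUserModalsGet(get_computername(), 2)['domain_id'])
    local_administrator = str(get_computername() + '\\' + get_name_with_sid(machine_sid + '-500')).lower()

    # NOTE(review): the bare '<domain>\' entry only matches a member whose
    # name is exactly that string, because the check below is an exact
    # (case-insensitive) membership test; it does not allow every domain
    # account.
    allow_admin = [local_administrator, domain_name.lower() + '\\']

    # "Domain admins" group: RID 512 under the domain SID.  A failure here
    # (domain controller unreachable and nothing cached) propagates to the
    # caller rather than silently shrinking the allow list.
    allow_admin.append(str('%s\\%s' % (domain_name, get_name_with_sid('%s-512' % get_domain_sid()))).lower())

    allow_admin.extend(entry.lower() for entry in allow_admins_list)

    # Persist the resolved names for offline runs.
    json_write_file(audit_local_admins, dict_sid_name)

    admins_users = local_group_members(name_group_admin)
    # NOTE(review): presumably direct members only; nested group membership
    # does not look expanded here -- verify against local_group_members().
    listerror = [user for user in admins_users if user.lower() not in allow_admin]
    if listerror:
        print('%s' % ','.join(listerror))  # Bad users in admin list:
        return 'ERROR'
    print('%s' % ','.join(admins_users))  # Allowed users in admin list:
    return 'OK'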


def cache_info():
    """Load the SID->name cache from the JSON file at ``audit_local_admins``.

    Whatever open()/json.load raise for a missing or invalid file propagates
    to the caller (audit() treats that as an empty cache).
    """
    global audit_local_admins
    cache_path = audit_local_admins
    return json_load_file(cache_path)


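# Get Name With SID
def get_name_with_sid(osid):
    """Resolve a string SID to an account name, caching the result.

    Args:
        osid: SID in string form, e.g. 'S-1-5-32-544'.

    Returns:
        The account name (without domain prefix) returned by
        LookupAccountSid.  When the lookup fails, the name previously stored
        in ``dict_sid_name`` for this SID is returned instead.

    Raises:
        Whatever setuphelpers.error() raises when the lookup fails and the
        SID is not cached (if error() only logs, None is returned).
    """
    global dict_sid_name
    try:
        sid = win32security.GetBinarySid(osid)
        name, _domain, _typ = win32security.LookupAccountSid(wincomputername(), sid)
    except Exception:
        # Lookup failed (e.g. no domain controller reachable): use the cache
        if osid in dict_sid_name:
            return dict_sid_name[osid]
        error('Failed name resolution for %s' % osid)
    else:
        # Remember the name so later runs can work without the lookup
        dict_sid_name[osid] = name
        return name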


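# Found Domain SID
def get_domain_sid():
    """Return the domain SID (string form) of the domain controller, cached.

    The SID is obtained from NetUserModalsGet on the DC named by
    NetGetDCName and stored in ``dict_sid_name`` under the key
    "get_domain_sid"; that cached value is returned when the DC cannot be
    queried.

    Raises:
        Whatever setuphelpers.error() raises when the DC is unavailable and
        nothing is cached (if error() only logs, None is returned).
    """
    global dict_sid_name
    try:
        umi2 = win32net.NetUserModalsGet(win32net.NetGetDCName(), 2)
        name = win32security.ConvertSidToStringSid(umi2['domain_id'])
    except Exception:
        # DC unreachable: fall back to the value from a previous run
        if "get_domain_sid" in dict_sid_name:
            return dict_sid_name["get_domain_sid"]
        error('Domain SID is not available')
    else:
        dict_sid_name["get_domain_sid"] = name
        return name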


def update_package():
    """Bump the package revision (the part after the last '-') and save the control file."""
    software_version = control.get_software_version()
    revision = int(control.version.split('-')[-1]) + 1
    control.version = '%s-%s' % (software_version, revision)
    control.save_control_to_wapt()
    print('Changing package version to: %s in WAPT\\control' % control.version)


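def json_load_file(json_file):
    """Read and return the JSON document stored in *json_file*.

    The file is decoded as UTF-8 to match json_write_file(), which always
    writes UTF-8; relying on the platform default encoding could garble
    non-ASCII account names on Windows.
    """
    import codecs
    with codecs.open(json_file, 'r', encoding='utf-8') as read_file:
        return json.load(read_file)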


def json_write_file(json_file, data, sort_keys=True, indent=4):
    """Serialise *data* as UTF-8 JSON into *json_file*, overwriting it.

    sort_keys and indent are passed straight to json.dump; the defaults give
    a stable, diff-friendly layout for the SID cache.
    """
    import codecs
    out = codecs.open(json_file, 'w', encoding='utf-8')
    try:
        json.dump(data, out, sort_keys=sort_keys, indent=indent)
    finally:
        out.close()


										

  Changelog 


No changelog
  manifest.sha256 
[["setup.py","46fb5be6d0974a78df76595863c01bff74542718f7bdf3f4e5b590ac1225f8b2"],["WAPT/icon.png","4e424cf16b749d1dff5b232130000cd4b633399ee5dddce76f8d8a95117ae105"],["WAPT/certificate.crt","a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf"],["WAPT/control","11e9a08e305bfc2814da36cd4d6e2982495088077543a1df7adff41a47a9b2c3"]]