public static void _modifyXML(string _sourcePath, string _fileName, string _node, string _refNode, bool _createNode)
{
// string fname = "C:\\Pritesh_Data\\PP\\Web.config";
XmlNode _xmlnode = null;
XmlElement _element = null;
XmlAttribute _attribute = null;
// XmlAttribute _attribute = null;
XmlDocument xmldoc = new XmlDocument();
if (_createNode)
{
_xmlnode = xmldoc.CreateNode("element", _node, "");
}
else
{
_element = xmldoc.CreateElement(_node);
}
if (CopyDLL._backupFiles(_sourcePath, _fileName))
{
switch (_node)
{
case "httpProtocol":
_xmlnode.InnerXml = "<customHeader><remove name = \"X-Powered-By\"/><add name = \"Stric-Transport-Security\" value = \"max-age=31536000\"/></customHeader>";
_node = _node + "/customHeader/remove";
break;
case "security":
_xmlnode.InnerXml = "<requestFiltering><fileExtensions allowUnlisted=\"false\"><remove fileExtension=\".browser\"/><remove fileExtension=\".skin\"/><remove fileExtension=\".asax\" /><remove fileExtension=\".ascx\" /><remove fileExtension=\".config\"/><remove fileExtension=\".master\"/><remove fileExtension=\".resources\"/><remove fileExtension=\".resx\"/><remove fileExtension=\".sitemap\"/><add fileExtension=\".zip\" allowed=\"true\"/><add fileExtension=\".xslt\" allowed=\"true\"/><add fileExtension=\".xsd\" allowed=\"true\"/><add fileExtension=\".xml\" allowed=\"true\"/><add fileExtension=\".sitemap\" allowed=\"true\"/><add fileExtension=\".resx\" allowed=\"true\"/><add fileExtension=\".resources\" allowed=\"true\"/><add fileExtension=\".master\" allowed=\"true\"/><add fileExtension=\".js\" allowed=\"true\"/><add fileExtension=\".html\" allowed=\"true\"/><add fileExtension=\".htm\" allowed=\"true\"/><add fileExtension=\".csv\" allowed=\"true\"/><add fileExtension=\".css\" allowed=\"true\"/><add fileExtension=\".config\" allowed=\"true\"/><add fileExtension=\".bin\" allowed=\"true\"/><add fileExtension=\".bez\" allowed=\"true\"/><add fileExtension=\".beu\" allowed=\"true\"/><add fileExtension=\".aspx\" allowed=\"true\"/><add fileExtension=\".asmx\" allowed=\"true\"/><add fileExtension=\".asax\" allowed=\"true\"/><add fileExtension=\".ascx\" allowed=\"true\"/><add fileExtension=\".skin\" allowed=\"true\"/><add fileExtension=\".axd\" allowed=\"true\"/><add fileExtension=\".png\" allowed=\"true\"/><add fileExtension=\".jpeg\" allowed=\"true\"/><add fileExtension=\".ico\" allowed=\"true\"/><add fileExtension=\".gif\" allowed=\"true\"/><add fileExtension=\".swf\" allowed=\"true\"/><add fileExtension=\".settings\" allowed=\"true\"/><add fileExtension=\".jpg\" allowed=\"true\"/><add fileExtension=\".pdf\" allowed=\"true\"/><add fileExtension=\".xls\" allowed=\"true\"/><add fileExtension=\".xlsx\" allowed=\"true\"/><add fileExtension=\".doc\" allowed=\"true\"/><add fileExtension=\".docx\" allowed=\"true\"/><add fileExtension=\".tff\" allowed=\"true\"/><add fileExtension=\".browser\" allowed=\"true\"/><add fileExtension=\".ashx\" allowed=\"true\"/></fileExtensions> </requestFiltering>";
_node = _node + "/requestFiltering/fileExtensions";
break;
case "deployment":
_attribute = xmldoc.CreateAttribute("retail");
_attribute.Value = "true";
_element.Attributes.Append(_attribute);
break;
case "AntiHttpCrossSiteForgeryRequestModule":
_element = null;
xmldoc.CreateElement("add");
_attribute = xmldoc.CreateAttribute("name");
_attribute.Value = "AntiHttpCrossSiteForgeryRequestModule";
_element.Attributes.Append(_attribute);
XmlAttribute _attribute2 = xmldoc.CreateAttribute("type");
_attribute2.Value = "Approva.Presentation.Framework.HttpModule.AntiHttpCrossSiteForgeryRequestModule, Approva.Presentation.Framework.HttpModule";
_element.Attributes.Append(_attribute2);
break;
default:
Console.WriteLine("Default case");
break;
}
string sourceFile = System.IO.Path.Combine(_sourcePath, _fileName);
//string sourceFile = "C:\\Pritesh_Data\\PP\\Web.config";
if (System.IO.File.Exists(sourceFile))
{
try
{
string refNodeMarkup = _refNode;
if (!isNodeExists(sourceFile, refNodeMarkup, _node))
{
xmldoc.Load(sourceFile);
if (_createNode)
{
xmldoc.SelectSingleNode(refNodeMarkup).AppendChild(_xmlnode);
Logger.WriteMessage("Modified file for " + _node + " setting");
}
else
{
xmldoc.SelectSingleNode(refNodeMarkup).AppendChild(_element);
}
xmldoc.Save(sourceFile);
}
else
{
Logger.WriteMessage("Node +" + _node.ToString() + " is already present");
}
}
catch (Exception ex)
{
Logger.WriteMessage("FAILED TO Modified file for " + _node + "setting");
Logger.WriteError(ex.Message);
}
}
else
{
Logger.WriteMessage("file " + sourceFile + " is not present.");
Logger.WriteMessage("Node " + _node + " not added/created");
}
}
}
static void Main(string[] args)
{
string _websiteName = null;
bool _https = false;
string _port = null;
string _DBconnectionString = null;
string _application = null;
string _driveName = null;
string node = null;
string _sourcePath = null;
string _targetPath = null;
string _fileName = null;
XmlNodeList copyFiles = null;
XmlNodeList regOperation = null;
XmlNodeList sqlOperations = null;
XmlNodeList grouppolicyOperation = null;
RegisitryCRUD registrycrud = null;
if (System.IO.File.Exists(AppDomain.CurrentDomain.BaseDirectory + "\\AppSecurity.xml") && System.IO.File.Exists(AppDomain.CurrentDomain.BaseDirectory + "\\data.xml"))
{
_appConfig = new XmlDocument();
_appConfig.Load(AppDomain.CurrentDomain.BaseDirectory + "\\AppSecurity.xml");
_websiteName = _appConfig.SelectSingleNode("settings/websiteName").InnerText;
_application = _appConfig.SelectSingleNode("settings/application").InnerText;
_driveName = _appConfig.SelectSingleNode("settings/DriveLetter").InnerText;
_https = Convert.ToBoolean(_appConfig.SelectSingleNode("settings/https").InnerText);
_port = _appConfig.SelectSingleNode("settings/port").InnerText;
_DBconnectionString = _appConfig.SelectSingleNode("settings/DBconnectionString").InnerText;
_appConfig = null;
_appConfig = new XmlDocument();
_appConfig.Load(AppDomain.CurrentDomain.BaseDirectory + "\\data.xml");
regOperation = _appConfig.SelectNodes("settings/RegistryOperations/Registry");
sqlOperations = _appConfig.SelectNodes("settings/SqlOperations/Sql");
grouppolicyOperation = _appConfig.SelectNodes("settings/GroupPolicy/policy");
RegisitryCRUD _registryCrud = new RegisitryCRUD();
string _installationPath = null;
_installationPath = _registryCrud.getInstallationFolderPath(_application);
Console.ForegroundColor = ConsoleColor.DarkYellow;
try
{
if (_installationPath.Equals(null))
{
}
}
catch (Exception)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("" + _application.ToUpper() + " IS NOT INSTALLED ON SERVER. Exiting from Utility");
Logger.WriteMessage("" + _application.ToUpper() + " IS NOT INSTALLED ON SERVER. Exiting from Utility");
System.Environment.Exit(0);
}
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine(" -----------------------------------------------");
Console.WriteLine(" APPLICATION SECURITY VERSION :" + Assembly.GetExecutingAssembly().GetName().Version);
Logger.WriteMessage(" APPLICATION SECURITY VERSION :" + Assembly.GetExecutingAssembly().GetName().Version);
Console.WriteLine(" -----------------------------------------------");
Console.ForegroundColor = ConsoleColor.Cyan;
/**
* -------------------------------------------------------------------------
* Web-content is on a non-system partition
* ----------------------------------------------------------------------
*/
string _wwwrootPath = null;
string _binDirectory = null;
string _binDirUnderSetting = null;
_wwwrootPath = _driveName + @":\wwwroot";
_binDirectory = _wwwrootPath + "\\bin";
_binDirUnderSetting = _installationPath + "\\Settings\\bin";
if (_application.ToUpper().Equals("IRC"))
{
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(" Start - Web-content is on a non-system partition");
Console.WriteLine(" Start - Web-content is on a non-system partition");
Console.WriteLine(" ----------------------------------------------------------------------");
if (!System.IO.Directory.Exists(_wwwrootPath))
{
try
{
System.IO.Directory.CreateDirectory(_wwwrootPath);
}
catch (Exception ex)
{
Logger.WriteError("Error while creating driectory on " + _wwwrootPath);
Logger.WriteMessage(ex.Message);
}
}
try
{
//Now Create all of the directories
foreach (string dirPath in Directory.GetDirectories("C:\\inetpub\\wwwroot", "*", SearchOption.AllDirectories))
{
Directory.CreateDirectory(dirPath.Replace("C:\\inetpub\\wwwroot", _wwwrootPath));
}
System.Threading.Thread.Sleep(10000);
//Copy all the files & Replaces any files with the same name
foreach (string newPath in Directory.GetFiles("C:\\inetpub\\wwwroot", "*.*", SearchOption.AllDirectories))
{
File.Copy(newPath, newPath.Replace("C:\\inetpub\\wwwroot", _wwwrootPath), true);
}
System.Threading.Thread.Sleep(10000);
}
catch (Exception ex)
{
Logger.WriteError("Error while coping files in D drive");
Logger.WriteMessage(ex.Message);;
}
Logger.WriteMessage("End - Web-content is on a non-system partition");
Console.WriteLine(" END - Web-content is on a non-system partition");
Console.WriteLine(" ----------------------------------------------------------------------");
try
{
System.IO.Directory.CreateDirectory(_binDirectory);
System.Threading.Thread.Sleep(2000);
Logger.WriteMessage("" + _binDirectory + " directory is created");
Console.WriteLine("" + _binDirectory + " directory is created");
Console.WriteLine(" ----------------------------------------------------------------------");
}
catch (Exception ex)
{
Logger.WriteError("Error while creating folder at " + _binDirectory);
Logger.WriteMessage(ex.Message);
}
try
{
System.IO.Directory.CreateDirectory(_binDirUnderSetting);
System.Threading.Thread.Sleep(2000);
Logger.WriteMessage("" + _binDirUnderSetting + " directory is created");
Console.WriteLine("" + _binDirUnderSetting + " directory is created");
Console.WriteLine(" ----------------------------------------------------------------------");
}
catch (Exception ex)
{
Logger.WriteError("Error while creating folder at " + _binDirUnderSetting);
Logger.WriteMessage(ex.Message);
}
}
switch (_application.ToUpper())
{
case "IRC":
_sourcePath = _installationPath + @"\BizRightsPresentation\bin";
break;
case "CM":
_sourcePath = _installationPath + @"\presentation\bin";
break;
default:
throw new Exception("Applicaton type is in incorrect format");
}
_fileName = "Approva.Presentation.Framework.HttpModule.dll";
try
{
CopyDLL._CopyFromLocation(_sourcePath, _binDirectory, _fileName);
System.Threading.Thread.Sleep(3000);
}
catch (Exception ex)
{
Logger.WriteError("Error while copying " + _fileName);
Logger.WriteMessage(ex.Message);;
}
_sourcePath = null;
_fileName = null;
//----------------------------------------------------------------------
/**
* -------------------------------------------------------------------------
* Copy the Approva.Presentation.Framework.HttpModule.dll from the [IRC InstallPath]\BizRightsPresentation\bin to 3 locations:
* [IRC Install path]\Core\bin
* [IRC Install path]\Adapters\TMonitor\bin
* [IRC Install path]\BRPublisher\bin
* ----------------------------------------------------------------------
*/
switch (_application.ToUpper())
{
case "IRC":
copyFiles = _appConfig.SelectNodes("settings/IRCcopyFiles");
break;
case "CM":
copyFiles = _appConfig.SelectNodes("settings/CMcopyFiles");
break;
default:
throw new Exception("Applicaton type is in incorrect format");
}
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Copying the Approva.Presentation.Framework.HttpModule.dll from the [IRC InstallPath]\BizRightsPresentation\bin to 4 locations:");
Console.WriteLine(@" Copying the Approva.Presentation.Framework.HttpModule.dll from the[IRC InstallPath]\\BizRightsPresentation\bin to 4 locations:");
foreach (XmlNode itemCopyFiles in copyFiles)
{
// foreach (XmlNode filepath in copyFiles)
//{
Console.WriteLine("------------------------------------------------");
_sourcePath = itemCopyFiles.SelectSingleNode("SourceFile").Attributes["path"].Value;
_fileName = itemCopyFiles.SelectSingleNode("SourceFile").Attributes["fileName"].Value;
_sourcePath = _installationPath + _sourcePath;
XmlNodeList _locationlist = itemCopyFiles.SelectNodes("SourceFile/location");
foreach (XmlNode item in _locationlist)
{
_targetPath = item.InnerText;
_targetPath = _installationPath + _targetPath;
CopyDLL._CopyFromLocation(_sourcePath, _targetPath, _fileName);
Logger.WriteMessage(@"Copied to:" + _targetPath);
Console.WriteLine(@"Copied to:" + _targetPath);
System.Threading.Thread.Sleep(500);
_targetPath = null;
}
_sourcePath = null;
//}
}
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"WhiteHat - Fixing the information leakage vulnerability");
Console.WriteLine(@" WhiteHat - Fixing the information leakage vulnerability");
bool iswebConfigPresent = System.IO.File.Exists(_wwwrootPath + "\\web.config");
if (_application.ToUpper().Equals("IRC"))
{
if (iswebConfigPresent)
{
Console.WriteLine("Web.config is already present & backedup with 'OldWeb.config' at " + _wwwrootPath);
try
{
File.Copy(_wwwrootPath + "\\web.config", _wwwrootPath + "\\OldWeb.config", true);
File.Delete(_wwwrootPath + "\\web.config");
}
catch (Exception)
{
Console.WriteLine("Error while renaming Web.config");
Logger.WriteMessage("Error while renaming Web.config");
throw;
}
}
// string webConfigFilePath = AppDomain.CurrentDomain.BaseDirectory + "\\web.config";
try
{
CopyDLL._CopyFromLocation(AppDomain.CurrentDomain.BaseDirectory, _wwwrootPath, "web.config");
}
catch (Exception ex)
{
Logger.WriteMessage("Problem while copying web.config file ");
Console.WriteLine("Problem while copying web.config file");
Logger.WriteMessage(ex.Message);
}
}
// Remove or comment out the following node from these paths to unregister"AntiHttpCrossSiteForgeryRequestModule" managed HTTP module. *
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Remove/comment out the following node from these paths to unregister AntiHttpCrossSiteForgeryRequestModule managed HTTP module from Bizrightspresentation/bin");
Console.WriteLine(@" Remove/comment out the following node from these paths to unregister AntiHttpCrossSiteForgeryRequestModule managed HTTP module from Bizrightspresentation/bin");
_fileName = "web.config";
switch (_application.ToUpper())
{
case "IRC":
_sourcePath = _installationPath + "\\BizrightsPresentation";
File.Copy(_sourcePath + "\\web.config", _wwwrootPath + "\\Old_IRC_Web.config", true);
break;
case "CM":
_sourcePath = _installationPath + "\\presentation";
File.Copy(_sourcePath + "\\web.config", _wwwrootPath + "\\Old_CM_Web.config", true);
break;
default:
throw new Exception("Application type not correct");
}
string _node = @"add[@name='AntiHttpCrossSiteForgeryRequestModule']";
string _refNode = @"/configuration/system.webServer/modules/";
XMLCRUD._commentInWebConfigXML(_sourcePath, _fileName, _refNode, _node, true);
_node = null;
_refNode = null;
/*
* --------------------------------------------------------------------------------------
* Cookie security: cookie not sent over SSL
* ------------------------------------------------------------------------------------
*/
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Cookie security: cookie not sent over SSL");
Console.WriteLine(@" Cookie security: cookie not sent over SSL");
string _attribute = null;
string _attributeValue = null;
if (_application.ToUpper().Equals("IRC") && _https)
{
_attribute = "cookieRequireSSL";
_attributeValue = "true";
_refNode = "roleManager";
XMLCRUD.addAttributeToExistingNode(_sourcePath, _fileName, _attribute, _attributeValue, _refNode);
_attribute = "null";
_attributeValue = "null";
_refNode = "null";
_attribute = "requireSSL";
_refNode = "forms";
_attributeValue = "true";
XMLCRUD.addAttributeToExistingNode(_sourcePath, _fileName, _attribute, _attributeValue, _refNode);
_attribute = "null";
_attributeValue = "null";
_refNode = "null";
_attribute = "requireSSL";
_refNode = "httpCookies";
_attributeValue = "true";
XMLCRUD.addAttributeToExistingNode(_sourcePath, _fileName, _attribute, _attributeValue, _refNode);
_attribute = "null";
_attributeValue = "null";
_refNode = "null";
}
/*
* -------------------------------------------------------------------------
* CIS - CAT hardening - ASP.Net configuration recommendations
* //C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config
* ----------------------------------------------------------------------
*/
if (_application.ToUpper().Equals("IRC"))
{
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"CIS - CAT hardening - ASP.Net configuration recommendations");
Console.WriteLine(@" CIS - CAT hardening - ASP.Net configuration recommendations");
node = "deployment";
CopyDLL._backupFiles("C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config", "machine.config");
XMLCRUD._modifyXML("C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\Config", "machine.config", node, "configuration/system.web", false);
node = null;
/*
* -------------------------------------------------------------------------
* Ensure Handler is not granted Write and Script/Execute
* ----------------------------------------------------------------------
*/
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Ensure Handler is not granted Write and Script/Execute");
Console.WriteLine(@" Ensure Handler is not granted Write and Script/Execute");
CopyDLL._backupFiles("C:\\Windows\\system32\\inetsrv\\config", "applicationHost.config");
XmlDocument _appHostConfig = new XmlDocument();
try
{
try
{
_appHostConfig.Load("C:\\Windows\\system32\\inetsrv\\config\\applicationHost.config");
}
catch (Exception e)
{
Console.WriteLine("Error while Loading Config file: " + e.Message);
}
XmlAttribute handlers = (XmlAttribute)_appHostConfig.SelectSingleNode("configuration//location//system.webServer//handlers/@accessPolicy");
String _policy = handlers.InnerText;
// Console.WriteLine("Present Handler Values: " + _policy);
Logger.WriteMessage("Present Handler Values: " + _policy);
if (_policy.ToUpper().Contains("Write"))
{
handlers.Value = "Read, Script";
_appHostConfig.Save("C:\\Windows\\system32\\inetsrv\\config\\applicationHost.config");
// Console.WriteLine("applicationHost.config file has been modified successfully");
Logger.WriteMessage("applicationHost.config file has been modified successfully");
}
else
{
// Console.WriteLine("Required Handler Values are present");
Logger.WriteMessage("Required Handler Values are present");
}
}
catch (Exception e)
{
Console.WriteLine("Error while modifing/reading Handler in ApplicationHost.config file");
Logger.WriteMessage("Error while modifing/reading Handler in ApplicationHost.config file" + e.Message);
}
}
// Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Change IIS Website Physical path");
//Console.WriteLine(@"Change IIS Website Physical path");
node = null;
node = "Change IIS Physical path";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
//Console.WriteLine("change physical path to " + _wwwrootPath);
System.Threading.Thread.Sleep(3000);
// Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Change IIS log path");
// Console.WriteLine(@"Change IIS log path");
node = null;
node = "Change IIS log path";
string _logPath = _driveName + @":\LogFiles";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _driveName);
// Console.WriteLine("change IIS log");
System.Threading.Thread.Sleep(3000);
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"IIS Hardening -Configuring host headers on all sites");
Console.WriteLine(@" IIS Hardening -Configuring host headers on all sites ");
// IIS Hardening -Configuring host headers on all sites
node = "Host Header";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"IIS - Setting the default application pool identity to least privilege principal");
Console.WriteLine(@" IIS - Setting the default application pool identity to least privilege principal");
// IIS - Setting the default application pool identity to least privilege principal
node = "Default application pool identity";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"IIS - Configuring the anonymous user identity to use the Application Pool identity");
Console.WriteLine(@" IIS - Configuring the anonymous user identity to use the Application Pool identity");
//IIS - Configuring the anonymous user identity to use the Application Pool identity
node = "Anonymous user identity to use the Application Pool identity";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"IIS - Configuring the Require SSL option in the Forms authentication");
Console.WriteLine(@" IIS - Configuring the Require SSL option in the Forms authentication");
// IIS - Configuring the Require SSL option in the Forms authentication
if (_https)
{
//string[] subsites = new string[] { "BizRightsCoreSettings", "BRPublisher", "CertificationManager", "Core", "IRC", "PDSService", "TMAdapter" };
node = "Required SSL in form authentication";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
//foreach (string s in subsites)
//{
// string temp = _websiteName + "/" + s;
// CMDOperations.cmdRun(node, temp, _https, _port, _wwwrootPath);
// temp = null;
//}
node = null;
}
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"IIS - Turning the Debug Off in the IIS ");
Console.WriteLine(@" IIS - Turning the Debug Off in the IIS ");
//IIS - Turning the Debug Off in the IIS
node = "Debug off in the IIS";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Adding X-Content - Type - Options ");
Console.WriteLine(@" Adding X-Content - Type - Options ");
//Adding X-Content - Type - Options
if (_application.ToUpper().Equals("IRC"))
{
node = "X-Content-Type-Options";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
}
//Disabling directory browsing feature of Certification Manager Site using IIS
if (_application.ToUpper().Equals("CM"))
{
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Disabling directory browsing feature of Certification Manager Site");
node = "Directory Browsing";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
}
//Enabling Advanced IIS logging
//Setting cookies with the HttpOnly attribute
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Setting cookies with the HttpOnly attribute is incorporated in pre shipped web config");
// Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Setting 'forms authentication' to use cookies");
Console.WriteLine(@" Setting 'forms authentication' to use cookies");
//Setting 'forms authentication' to use cookies
node = "forms Authentication to use cookies";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Ensure non-ASCII Characters in URLs are not allowed");
Console.WriteLine(@" Ensure non-ASCII Characters in URLs are not allowed");
//Ensure non-ASCII Characters in URLs are not allowed
node = "Request Filter";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
//To configure general request-filter-Configure Double escaping (allowdoubleescaping)
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Ensure Double-Encoded requests will be rejected");
Console.WriteLine(@"Ensure Double-Encoded requests will be rejected");
//Ensure non-ASCII Characters in URLs are not allowed
node = "Double Escaping";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
//To configure configure IIS to deny HTTP TRACE requests (Ensure 'HTTP Trace Method' is disabled)
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Ensure 'HTTP Trace Method' is disabled");
Console.WriteLine(@"Ensure 'HTTP Trace Method' is disabled");
//Ensure non-ASCII Characters in URLs are not allowed
node = "HTTP TRACE";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
//Edit ISAPI and CGI Restrictions Settings
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Ensure 'notListedIsapisAllowed/notListedCgisAllowed' is set to false");
Console.WriteLine(@"Ensure 'notListedIsapisAllowed/notListedCgisAllowed' is set to false");
//Ensure non-ASCII Characters in URLs are not allowed
node = "ISAPI_CGI Restrictions";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
//Machine Key Settings
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Ensure 'MachineKey validation method - .Net 4.5' is configured");
Console.WriteLine(@"Ensure 'MachineKey validation method - .Net 4.5' is configured");
//Ensure non-ASCII Characters in URLs are not allowed
node = "Machine Key 4.5 Validation";
CMDOperations.cmdRun(node, _websiteName, _https, _port, _wwwrootPath);
node = null;
/**
* -------------------------------------------------------------------------
* Disabling the RC4 Cipher suites,
* Ensure TLS 1.2 is enabled
* Ensure NULL Cipher Suites is disabled
* Ensure DES Cipher Suites is disabled,Ensure RC2 Cipher Suites is disabled
* Ensure AES 256/256 Cipher Suite is enabled
* ----------------------------------------------------------------------
*/
string _regHive = null;
string _regPath = null;
string _regKey = null;
int _regvalue = 0;
string _sregvalue = null;
string _regvalueType = null;
string _regvalueKind = null;
if (_application.ToUpper().Equals("IRC"))
{
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Disabling the RC4 Cipher suites, Ensure TLS 1.2 is enabled ");
Console.WriteLine(@"Disabling the RC4 Cipher suites");
registrycrud = null;
foreach (XmlNode itemReg in regOperation)
{
registrycrud = new RegisitryCRUD();
_regHive = itemReg.Attributes["regHive"].Value.ToString();
_regPath = itemReg.Attributes["regPath"].Value.ToString();
_regKey = itemReg.Attributes["regKey"].Value.ToString();
_regvalueType = itemReg.Attributes["regValueType"].Value.ToString();
_regvalueKind = itemReg.Attributes["regValueKind"].Value.ToString().Equals(" ") ? null : itemReg.Attributes["regValueKind"].Value.ToString();
if (_regvalueType.Equals("int"))
{
_regvalue = Convert.ToInt32(itemReg.Attributes["regvalue"].Value);
registrycrud.createRegistryKey(_regHive, _regPath, _regKey, _regvalue, _regvalueKind);
}
else
{
_sregvalue = itemReg.Attributes["regvalue"].Value.ToString();
registrycrud.createRegistryKey(_regHive, _regPath, _regKey, _sregvalue, _regvalueKind);
}
registrycrud = null;
}
/**
* -------------------------------------------------------------------------
* Group Policy Operations
* ----------------------------------------------------------------------
*/
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"Group Policy Operations");
Console.WriteLine(@"Group Policy Operations");
foreach (XmlNode policy in grouppolicyOperation)
{
string _policyName = policy.Attributes["name"].Value.ToString();
string _policyValue = policy.Attributes["value"].Value.ToString();
_regHive = "HKEY_LOCAL_MACHINE";
_regPath = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System";
_regKey = null;
_regvalue = 0;
switch (_policyName)
{
case "User Account Control: Behavior of the elevation prompt for administrators inAdmin Approval Mode":
_regKey = "ConsentPromptBehaviorAdmin";
_regvalue = 5;
break;
case "User Account Control: Switch to the secure desktop when prompting forelevation":
_regKey = "PromptOnSecureDesktop";
_regvalue = 1;
break;
default:
throw new System.InvalidOperationException("parameter in the App Security xml");
}
registrycrud = new RegisitryCRUD();
registrycrud.createRegistryKey(_regHive, _regPath, _regKey, _regvalue, "");
Logger.WriteMessage(_policyName + " value changed to '" + _policyValue + "'");
registrycrud = null;
}
/*
* -------------------------------------------------------------------------
* SQL Operations
* ----------------------------------------------------------------------
*/
Console.WriteLine(" ----------------------------------------------------------------------");
Logger.WriteMessage(@"SQL Operations");
Console.WriteLine(@"SQL Operations");
String dbName = _DBconnectionString.Split(';')[3].Split('=')[1].ToString();
if (!sqlOperations.Equals(""))
{
foreach (XmlNode sqlQuery in sqlOperations)
{
string _sql = sqlQuery.InnerText.ToString();
if (_sql.Contains("Revoke"))
{
SQLOperations._revokeGuestUserfromDB(dbName, _sql, _DBconnectionString);
}
else
{
SQLOperations._executeSQLQueries(_sql, _DBconnectionString);
}
}
}
}
}
}