private void CreateFileAuditedPermissions53ItemType(fileauditedpermissions_item item, string filepath, string trusteeSID) { var defaultAuditEntityStatus = AuditEventStatus.AUDIT_NONE.ToString(); item.filepath = OvalHelper.CreateItemEntityWithStringValue(filepath); item.path = OvalHelper.CreateItemEntityWithStringValue(Path.GetDirectoryName(filepath)); item.filename = OvalHelper.CreateItemEntityWithStringValue(Path.GetFileName(filepath)); item.trustee_sid = OvalHelper.CreateItemEntityWithStringValue(trusteeSID); item.access_system_security = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.file_append_data = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.file_delete_child = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.file_execute = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.file_read_attributes = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.file_read_data = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.file_read_ea = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.file_write_attributes = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.file_write_data = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.file_write_ea = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.generic_all = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.generic_execute = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.generic_read = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.generic_write = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.standard_delete = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.standard_read_control = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.standard_synchronize = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.standard_write_dac = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); item.standard_write_owner = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus); }
private string GetCompleteFilepath(fileauditedpermissions_item fileAuditedPermissionsItem) { if (IsFilePathDefined(fileAuditedPermissionsItem)) { return(fileAuditedPermissionsItem.filepath.Value); } else { return(Path.Combine(fileAuditedPermissionsItem.path.Value, fileAuditedPermissionsItem.filename.Value)); } }
private ItemType[] CreateFakeItemTypes() { var newItemType = new fileauditedpermissions_item() { filepath = new EntityItemStringType() { Value = "c:\\temp\\file1.txt" }, trustee_sid = new EntityItemStringType() { Value = "S-1-1" } }; return(new ItemType[] { newItemType }); }
private void SetAllAuditEntitiesItemToEMPTY(fileauditedpermissions_item item) { item.access_system_security = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.file_append_data = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.file_delete_child = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.file_execute = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.file_read_attributes = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.file_read_data = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.file_read_ea = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.file_write_attributes = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.file_write_data = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.file_write_ea = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.generic_all = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.generic_execute = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.generic_read = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.generic_write = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.standard_delete = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.standard_read_control = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.standard_synchronize = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.standard_write_dac = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); item.standard_write_owner = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString()); }
private void SetAllAuditEntitiesItemToNULL(fileauditedpermissions_item fileauditedpermissionsItem) { fileauditedpermissionsItem.access_system_security = null; fileauditedpermissionsItem.file_append_data = null; fileauditedpermissionsItem.file_delete_child = null; fileauditedpermissionsItem.file_execute = null; fileauditedpermissionsItem.file_read_attributes = null; fileauditedpermissionsItem.file_read_data = null; fileauditedpermissionsItem.file_read_ea = null; fileauditedpermissionsItem.file_write_attributes = null; fileauditedpermissionsItem.file_write_data = null; fileauditedpermissionsItem.file_write_ea = null; fileauditedpermissionsItem.generic_all = null; fileauditedpermissionsItem.generic_execute = null; fileauditedpermissionsItem.generic_read = null; fileauditedpermissionsItem.generic_write = null; fileauditedpermissionsItem.standard_delete = null; fileauditedpermissionsItem.standard_read_control = null; fileauditedpermissionsItem.standard_synchronize = null; fileauditedpermissionsItem.standard_write_dac = null; fileauditedpermissionsItem.standard_write_owner = null; }
private void MapSACLsToFileAuditedPermissionsItem( fileauditedpermissions_item collectedItem, IEnumerable <WMIWinACE> SACLs) { foreach (var sacl in SACLs) { sacl.CalculateFileAccessRightsFromAccessMask(); if (sacl.ACCESS_SYSTEM_SECURITY) { collectedItem.access_system_security.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.DELETE) { collectedItem.standard_delete.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.FILE_APPEND_DATA) { collectedItem.file_append_data.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.FILE_DELETE_CHILD) { collectedItem.file_delete_child.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.FILE_EXECUTE) { collectedItem.file_execute.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.FILE_READ_ATTRIBUTES) { collectedItem.file_read_attributes.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.FILE_READ_DATA) { collectedItem.file_read_data.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.FILE_READ_EA) { collectedItem.file_read_ea.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.FILE_WRITE_ATTRIBUTES) { collectedItem.file_write_attributes.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.FILE_WRITE_DATA) { collectedItem.file_write_data.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.FILE_WRITE_EA) { collectedItem.file_write_ea.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.GENERIC_ALL) { collectedItem.generic_all.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.GENERIC_EXECUTE) { collectedItem.generic_execute.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.GENERIC_READ) { collectedItem.generic_read.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.GENERIC_WRITE) { collectedItem.generic_write.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.READ_CONTROL) { collectedItem.standard_read_control.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.SYNCHRONIZE) { collectedItem.standard_synchronize.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.WRITE_DAC) { collectedItem.standard_write_dac.Value = sacl.AuditEventPolicy.ToString(); } if (sacl.WRITE_OWNER) { collectedItem.standard_write_owner.Value = sacl.AuditEventPolicy.ToString(); } } }
private bool IsFilePathDefined(fileauditedpermissions_item fileAuditedPermissionsItem) { var filepathEntity = fileAuditedPermissionsItem.filepath; return((filepathEntity != null) && (!string.IsNullOrEmpty(filepathEntity.Value))); }