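/// <summary>
/// Narrows <paramref name="groups"/> to the local groups that <c>net user</c> lists for
/// <paramref name="userName"/>.
/// </summary>
/// <param name="userName">Account name appended to the <c>net user</c> command.</param>
/// <param name="groups">Group records; each is indexed with <c>NameKey</c> to obtain the group name.</param>
/// <returns>
/// The records from <paramref name="groups"/> whose name appears in the user's
/// "Local Group Memberships" field. The filter itself is evaluated lazily.
/// </returns>
private IEnumerable<Dictionary<string, string>> FilterGroupsByUser(string userName, IEnumerable<Dictionary<string, string>> groups)
{
    // NOTE(review): userName is placed into the command text unquoted and unvalidated, so a name
    // containing whitespace or shell metacharacters changes what gets executed. How
    // ExecuteWindowsCommand launches the command is not visible here; confirm callers only pass
    // names enumerated from the local account database, or validate/quote the name at this point.
    string netUserProps = _processUtil.ExecuteWindowsCommand($"net user {userName}");

    // Take the rest of the "Local Group Memberships" line plus any continuation lines.
    // Assumes net user wraps long membership lists onto indented lines that start with '*'
    // (TODO confirm against the target Windows versions).
    string membershipBlock = Regex.Match(
        netUserProps,
        @"(?<=Local Group Memberships\s+)[^\n]+(?:\n[ \t]+\*[^\n]*)*").Value;

    // Each group is introduced by '*'. Splitting on that marker instead of on whitespace keeps
    // multi-word names such as "Remote Desktop Users" intact; a whitespace split would turn that
    // entry into "Remote", "Desktop" and "Users" and falsely report membership of "Users".
    // The set is built once so the lazy filter below does not redo the parsing per group.
    var memberOf = new HashSet<string>(
        membershipBlock
            .Split('*')
            .Select(name => name.Trim())
            .Where(name => name.Length > 0));

    return groups.Where(group => memberOf.Contains(group[NameKey]));
}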
/// <summary>
/// Stores the WMI helper, records the current time as the last-retrieved timestamp for every
/// event type in <c>ETWEvents</c>, and runs each entry of <c>PrerequisiteCommands</c>.
/// </summary>
/// <param name="processUtil">Runs the prerequisite commands; this constructor keeps no reference to it.</param>
/// <param name="wmiUtils">Kept in <c>_wmiUtils</c>.</param>
public ETWEventGeneratorBase(IProcessUtil processUtil, IWmiUtils wmiUtils)
{
    _wmiUtils = wmiUtils;

    // Seed each event type's marker with "now" in DMTF format.
    foreach (ETWEventType eventType in ETWEvents)
    {
        string nowAsDmtf = ManagementDateTimeConverter.ToDmtfDateTime(DateTime.Now);
        _lastRetrievedEventTimeStamps[eventType] = nowAsDmtf;
    }

    // NOTE(review): ETWEvents and PrerequisiteCommands are defined outside this excerpt. The
    // commands run during construction with whatever privileges the process holds, so confirm
    // the list is a fixed, code-defined set and never built from configuration or input.
    foreach (string prerequisite in PrerequisiteCommands)
    {
        processUtil.ExecuteWindowsCommand(prerequisite);
    }
}
/// <summary>
/// Runs <c>netstat -an</c>, parses the listeners out of its output and wraps them in a single
/// <c>ListeningPorts</c> event.
/// </summary>
/// <returns>A list holding exactly one event that carries the parsed listening-port payloads.</returns>
protected override List<IEvent> GetEventsImpl()
{
    // NOTE(review): the command is given by bare name, so which netstat binary runs depends on
    // how ExecuteWindowsCommand resolves it (not visible here) - confirm it cannot be shadowed.
    string netstatOutput = _processUtil.ExecuteWindowsCommand("netstat -an");

    // Column numbers tell the parser where the local and remote addresses sit in each row.
    List<ListeningPortsPayload> payloads = NetstatUtils.ParseNetstatListeners(
        netstatOutput,
        LocalAddressColumnNumber,
        RemoteAddressColumnNumber);

    SimpleLogger.Debug($"NetstatEventGenerator returns {payloads.Count} payloads");

    var events = new List<IEvent>();
    events.Add(new ListeningPorts(Priority, payloads.ToArray()));
    return events;
}