Ejemplo n.º 1
 /// <summary>
 /// Reads one value stored under the SWELF registry key, answering from the in-memory
 /// copy in <c>Settings.REG_Keys</c> once that collection holds more than one entry.
 /// </summary>
 /// <param name="Key">Name of the registry value to read.</param>
 /// <returns>
 /// The cached entry, or the result of <c>UnProtect_Data_Value</c> on the stored bytes;
 /// an empty string when the name is missing from the cache or from the registry.
 /// </returns>
 internal static object READ_Eventlog_SWELF_Reg_Key(string Key)
 {
     // Cache path: with a populated cache the registry is never consulted, so a name
     // that is absent from the cache yields "" even if the registry holds it.
     if (Settings.REG_Keys.Count > 1)
     {
         if (Settings.REG_Keys.ContainsKey(Key))
         {
             return Settings.REG_Keys[Key];
         }
         return "";
     }

     if (!CHECK_Eventlog_SWELF_Reg_Key_Exists(Key))
     {
         // NOTE(review): the source label says CHANGE_Reg_Key() although this is a read path.
         Error_Operation.Log_Error("CHANGE_Reg_Key()", "Reg Key does not exist. RegKey=" + Key, "", Error_Operation.LogSeverity.Warning);
         return "";
     }

     var storedBytes = Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(Key));
     if (!Crypto_Operation.CHECK_Value_Encrypted(storedBytes))
     {
         // The stored value does not look protected: protect it and write it back before reading.
         // NOTE(review): the string overload of ADD_or_CHANGE_SWELF_Reg_Key applies
         // Protect_Data_Value again, so the value appears to be protected twice while only
         // one UnProtect_Data_Value follows - confirm the round trip returns the plaintext.
         var reprotected = Crypto_Operation.Protect_Data_Value(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(Key)));
         ADD_or_CHANGE_SWELF_Reg_Key(Key, Crypto_Operation.CONVERT_To_String_From_Bytes(reprotected, 1));
     }

     // Always re-read from the registry so the value written above is the one returned.
     return Crypto_Operation.UnProtect_Data_Value(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(Key)));
 }
Ejemplo n.º 2
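 /// <summary>
 /// Creates HKLM\Software\SWELF if needed and seeds it with the default SWELF settings.
 /// Every value is passed through <c>Crypto_Operation.Protect_Data_Value</c> before it is stored.
 /// </summary>
 /// <remarks>
 /// Writing under HKEY_LOCAL_MACHINE normally requires elevated rights. The stored values
 /// include the full contents of the app config and search-terms files, so the protection
 /// applied by Protect_Data_Value and the ACL on this key are what keep them private -
 /// NOTE(review): confirm both against Crypto_Operation and the installer.
 /// </remarks>
 internal static void WRITE_Default_SWELF_Reg_Keys()
 {
     // CreateSubKey opens the key when it already exists. The returned handle was never
     // released in the original; the using block disposes it once the defaults are written.
     using (Microsoft.Win32.RegistryKey key = Microsoft.Win32.Registry.LocalMachine.CreateSubKey("Software\\SWELF"))
     {
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.First_Run].ToString(), Crypto_Operation.Protect_Data_Value("true"));
         // Loopback is the placeholder collector; LogCollecter_1..5 are not seeded by default.
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.LogCollecter].ToString(), Crypto_Operation.Protect_Data_Value("127.0.0.1"));
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.Encryption].ToString(), Crypto_Operation.Protect_Data_Value(Crypto_Operation.Generate_Decrypt()));
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.logging_level].ToString(), Crypto_Operation.Protect_Data_Value(Settings.Logging_Level_To_Report));
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.output_format].ToString(), Crypto_Operation.Protect_Data_Value("keyvalue"));
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.SWELF_Current_Version].ToString(), Crypto_Operation.Protect_Data_Value(Settings.SWELF_Version));
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.SWELF_CWD].ToString(), Crypto_Operation.Protect_Data_Value(Settings.SWELF_CWD));
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.SWELF_FAILED_SEC_CHECK].ToString(), Crypto_Operation.Protect_Data_Value("false"));
         // The central_* config keys (app, plugin search, search, whitelist search) are not seeded by default.

         // Snapshot of the on-disk configuration; other code compares the files against these copies.
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.ConsoleAppConfig_CreationDate].ToString(), Crypto_Operation.Protect_Data_Value(File_Operation.GET_CreationTime(Settings.GET_AppConfigFile_Path)));
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.ConsoleAppConfig_Contents], Crypto_Operation.Protect_Data_Value(File_Operation.READ_AllText(Settings.GET_AppConfigFile_Path)));
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.SearchTerms_File_Contents], Crypto_Operation.Protect_Data_Value(File_Operation.READ_AllText(Settings.GET_SearchTermsFile_Path)));

         // NOTE(review): DateTime.Now.ToString() is local time in the current culture's format;
         // whatever parses Logs_Last_Sent must run under the same culture.
         BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.Logs_Last_Sent], Crypto_Operation.Protect_Data_Value(DateTime.Now.ToString()));
     }
 }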
Ejemplo n.º 3
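        /// <summary>
        /// Loads every non-empty value under the SWELF registry key into <c>Settings.REG_Keys</c>
        /// and makes sure a Logs_Last_Sent entry exists.
        /// </summary>
        /// <remarks>
        /// Names already present in the cache keep their existing entry. The original detected
        /// that case by matching the text of the duplicate-key exception, which depends on the
        /// framework version and UI language; an explicit ContainsKey test replaces it.
        /// </remarks>
        internal static void READ_ALL_SWELF_Reg_Keys()
        {
            foreach (string RegKeyValue in BASE_SWELF_KEY.GetValueNames())
            {
                try
                {
                    if (String.IsNullOrEmpty(BASE_SWELF_KEY.GetValue(RegKeyValue).ToString()) == false)
                    {
                        // Read first, as the original did, so any repair READ_SWELF_Reg_Key performs still runs.
                        var decoded = READ_SWELF_Reg_Key(RegKeyValue);
                        if (Settings.REG_Keys.ContainsKey(RegKeyValue) == false)
                        {
                            Settings.REG_Keys.Add(RegKeyValue, decoded);
                        }
                    }
                }
                catch (Exception e)
                {
                    // One unreadable value must not stop the remaining values from loading.
                    Error_Operation.Log_Error("READ_ALL_SWELF_Reg_Keys()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Verbose);
                }
            }

            if (CHECK_SWELF_Reg_Key_Exists(REG_KEY.Logs_Last_Sent) == false)
            {
                string Date = DateTime.Now.ToString();
                BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.Logs_Last_Sent], Crypto_Operation.Protect_Data_Value(Date));
                // NOTE(review): index 20 is presumably (int)REG_KEY.Logs_Last_Sent - confirm and use the enum.
                if (Settings.REG_Keys.ContainsKey(SWELF_Keys[20]) == false)
                {
                    Settings.REG_Keys.Add(SWELF_Keys[20], Date);
                }
            }
        }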
Ejemplo n.º 4
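 /// <summary>
 /// Compares the decrypted contents of a config file with the copy kept in the registry.
 /// </summary>
 /// <param name="SettingsConfigFilePath">Path of the config file to decrypt and compare.</param>
 /// <param name="RegKey">Registry value that holds the reference copy.</param>
 /// <returns>True when both texts are equal ignoring case; false otherwise, including when either side is null.</returns>
 /// <remarks>
 /// This is used as a tamper check. The comparison stays case-insensitive as in the original,
 /// so an edit that changes only letter case is not detected - NOTE(review): consider an
 /// ordinal, case-sensitive comparison if no caller relies on case folding.
 /// </remarks>
 internal static bool CHECK_File_vs_Reg_Contents(string SettingsConfigFilePath, Reg_Operation.REG_KEY RegKey)
 {
     string fileContents = Crypto_Operation.Decrypt_File_Contents(SettingsConfigFilePath);
     string registryContents = Reg_Operation.READ_SWELF_Reg_Key(RegKey);

     // A side that could not be read counts as a mismatch instead of raising a NullReferenceException.
     if (fileContents == null || registryContents == null)
     {
         return false;
     }

     // Ordinal comparison: ToLower() folds case by the current culture, which can make the
     // same pair of texts compare differently from one machine to another.
     return string.Equals(fileContents, registryContents, System.StringComparison.OrdinalIgnoreCase);
 }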
Ejemplo n.º 5
 /// <summary>
 /// Makes sure the search-terms file and the whitelist search-terms file exist.
 /// A missing file is created from the built-in default contents and then passed to
 /// <c>Crypto_Operation.Secure_File</c>.
 /// </summary>
 internal static void VERIFY_Search_Default_Files_Ready()
 {
     bool searchTermsPresent = CHECK_if_File_Exists(Settings.GET_SearchTermsFile_Path);
     if (searchTermsPresent == false)
     {
         CREATE_NEW_Files_And_Dirs(Settings.Search_File_Location, Settings.SearchTermsFileName_FileName, GET_Default_Logs_Search_File_Contents);
         Crypto_Operation.Secure_File(Settings.GET_SearchTermsFile_Path);
     }

     // Checked only after the first file is handled, as in the original order.
     bool whitelistPresent = CHECK_if_File_Exists(Settings.GET_WhiteList_SearchTermsFile_Path);
     if (whitelistPresent == false)
     {
         CREATE_NEW_Files_And_Dirs(Settings.Search_File_Location, Settings.Search_WhiteList_FileName, GET_Default_Whitelist_File_Contents);
         Crypto_Operation.Secure_File(Settings.GET_WhiteList_SearchTermsFile_Path);
     }
 }
Ejemplo n.º 6
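        /// <summary>
        /// Sends every queued event to each configured log forwarder, over TCP when the
        /// transport setting is "tcp" and over UDP otherwise.
        /// </summary>
        /// <param name="Event_logs">Events to forward; the queue is read, not drained.</param>
        /// <remarks>
        /// Nothing is sent when any forwarder entry is the loopback placeholder 127.0.0.1 or is empty.
        /// The original set <c>Settings.Logs_Sent_to_ALL_Collectors</c> back to true after the loop
        /// even when a forwarder had failed, which hid delivery failures; the flag now reflects
        /// whether every forwarder accepted the whole batch.
        /// </remarks>
        internal static void SEND_Logs(Queue <EventLog_Entry> Event_logs)
        {
            bool placeholderConfigured = Settings.Log_Forwarders_HostNames.Any(s => string.Equals(s, "127.0.0.1", StringComparison.OrdinalIgnoreCase));
            if (placeholderConfigured || Settings.Log_Forwarders_HostNames.Any(s => string.IsNullOrEmpty(s)))
            {
                return;
            }

            // Default the transport setting to UDP when the app config does not name one.
            if (Settings.AppConfig_File_Args.ContainsKey(Settings.SWELF_AppConfig_Args[14]) == false)
            {
                Settings.AppConfig_File_Args.Add(Settings.SWELF_AppConfig_Args[14], "udp");
            }

            bool useTcp = Settings.AppConfig_File_Args[Settings.SWELF_AppConfig_Args[14]] == "tcp";
            // The two log source labels are kept exactly as the original wrote them.
            string errorSource = useTcp ? "SEND_Logs() [transport_protocol] == tcp" : "SEND_Logs() else//Default send logs UDP";
            bool allSent = true;

            for (int x = 0; x < Settings.Log_Forwarders_HostNames.Count; ++x)
            {
                try
                {
                    // foreach walks the queue once; ElementAt(y) rescanned it for every event.
                    foreach (EventLog_Entry entry in Event_logs)
                    {
                        // NOTE(review): ASCII conversion replaces non-ASCII characters, so such
                        // event text reaches the collector altered.
                        var payload = Crypto_Operation.CONVERT_To_ASCII_Bytes(GET_Log_Output_Format(entry));
                        if (useTcp)
                        {
                            Socket_Client_TCP(payload, x);
                        }
                        else
                        {
                            Socket_Client_UDP(payload, x);
                        }
                    }
                }
                catch (Exception e)
                {
                    // A failure stops the batch for this forwarder only; the remaining forwarders are still tried.
                    allSent = false;
                    Settings.Logs_Sent_to_ALL_Collectors = false;
                    Error_Operation.Log_Error(errorSource, Settings.Log_Forwarders_HostNames.ElementAt(x) + " " + e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
                }
            }

            Settings.Logs_Sent_to_ALL_Collectors = allSent;
            // NOTE(review): the timestamp is still written when a forwarder failed, as before;
            // confirm whether Logs_Last_Sent should only advance on a successful send.
            Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.Logs_Last_Sent, DateTime.Now.ToString());
        }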
Ejemplo n.º 7
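 /// <summary>
 /// Reads all lines of a file, temporarily removing SWELF's file protection when the
 /// file is reported as encrypted.
 /// </summary>
 /// <param name="FilePath">Path of the file to read.</param>
 /// <returns>The file's lines.</returns>
 /// <remarks>
 /// Between UnSecure_File and Secure_File the file is stored unprotected on disk. The
 /// original left it that way when the read threw; the finally block restores the
 /// protection in that case as well.
 /// NOTE(review): the project also has Crypto_Operation.Decrypt_File_Contents, which
 /// presumably returns the text without rewriting the file - confirm, and prefer it here.
 /// </remarks>
 internal static List <string> READ_File_In_List(string FilePath)
 {
     if (CHECK_File_Encrypted(FilePath) == true)
     {
         Crypto_Operation.UnSecure_File(FilePath);
         try
         {
             return File.ReadAllLines(FilePath).ToList();
         }
         finally
         {
             Crypto_Operation.Secure_File(FilePath);
         }
     }

     return File.ReadAllLines(FilePath).ToList();
 }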
Ejemplo n.º 8
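 /// <summary>
 /// Reads all lines of a file after removing SWELF's file protection, then protects the file again.
 /// </summary>
 /// <param name="FilePath">Path of the file to read.</param>
 /// <returns>The file's lines.</returns>
 /// <remarks>
 /// The finally block re-protects the file even when the read throws; the original left
 /// the file unprotected on disk in that case.
 /// NOTE(review): unlike READ_File_In_List there is no encrypted check before UnSecure_File,
 /// and Secure_File always runs afterwards, so reading a plain file appears to leave it
 /// protected - confirm that is intended.
 /// </remarks>
 internal static string[] READ_File_In_StringArray(string FilePath)
 {
     if (CHECK_if_File_Exists(FilePath))
     {
         Crypto_Operation.UnSecure_File(FilePath);
         try
         {
             return File.ReadAllLines(FilePath);
         }
         finally
         {
             Crypto_Operation.Secure_File(FilePath);
         }
     }

     Error_Operation.Log_Error("READ_File_In_StringArray()", "File not found " + FilePath, "", Error_Operation.LogSeverity.Informataion);
     // Kept from the original: for a missing file this read throws rather than returning.
     return File.ReadAllLines(FilePath);
 }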
Ejemplo n.º 9
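 /// <summary>
 /// Appends text to an existing file, removing and then restoring SWELF's file protection
 /// when the file is reported as encrypted. Does nothing when the file does not exist.
 /// </summary>
 /// <param name="FilePath">Path of the file to append to.</param>
 /// <param name="Values">Text to append.</param>
 /// <remarks>
 /// The finally block re-protects the file even when the append throws; the original left
 /// the file unprotected on disk in that case.
 /// </remarks>
 internal static void APPEND_Data_To_File(string FilePath, string Values)
 {
     if (!CHECK_if_File_Exists(FilePath))
     {
         // NOTE(review): a missing file is skipped without any log entry.
         return;
     }

     if (CHECK_Data_Encrypted(FilePath))
     {
         Crypto_Operation.UnSecure_File(FilePath);
         try
         {
             File.AppendAllText(FilePath, Values);
         }
         finally
         {
             Crypto_Operation.Secure_File(FilePath);
         }
     }
     else
     {
         File.AppendAllText(FilePath, Values);
     }
 }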
Ejemplo n.º 10
 /// <summary>
 /// Replaces a local config file with the central copy: from the cached download when one
 /// is held in <c>Central_Config_File_Web_Cache</c>, otherwise by downloading it again.
 /// The result is passed to <c>Crypto_Operation.Secure_File</c> unless already reported as encrypted.
 /// </summary>
 /// <param name="WebPath">Location of the central config file.</param>
 /// <param name="LocalPath">Local file to replace.</param>
 /// <param name="FileName">Name used in the log entry only.</param>
 /// <remarks>
 /// NOTE(review): the old file is deleted before the new content is written, so a failed
 /// download leaves no local config. Nothing visible here authenticates the downloaded
 /// content before it becomes the active configuration - confirm where that is enforced.
 /// </remarks>
 internal static void UPDATE_Local_Config_With_Central_Config(string WebPath, string LocalPath, string FileName)
 {
     bool noCachedCopy = string.IsNullOrEmpty(Central_Config_File_Web_Cache);

     // Both paths start by removing the old config file.
     File_Operation.DELETE_File(LocalPath);
     if (noCachedCopy)
     {
         Wclient.DownloadFile(WebPath, LocalPath);
     }
     else
     {
         File_Operation.APPEND_AllTXT(LocalPath, Central_Config_File_Web_Cache);
     }

     // Record the configuration change (source label kept as in the original).
     string changeSummary = "Updated " + FileName + " from " + WebPath + ". It was downloaded to " + LocalPath;
     Error_Operation.Log_Error("GET_Central_Config_File()", changeSummary, "", Error_Operation.LogSeverity.Verbose, Error_Operation.EventID.SWELF_Central_Config_Changed);

     if (!File_Operation.CHECK_File_Encrypted(LocalPath))
     {
         Crypto_Operation.Secure_File(LocalPath);
     }
 }
Ejemplo n.º 11
 /// <summary>
 /// Reads a SWELF registry value by name and returns it after <c>UnProtect_Data_Value</c>.
 /// </summary>
 /// <param name="Key">Name of the registry value.</param>
 /// <returns>The unprotected text, or an empty string when the value is missing or cannot be read.</returns>
 private static string READ_SWELF_Reg_Key(string Key)
 {
     try
     {
         if (!CHECK_SWELF_Reg_Key_Exists(Key))
         {
             return "";
         }

         if (!Crypto_Operation.CHECK_Value_Encrypted(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(Key))))
         {
             // NOTE(review): a value reported as not encrypted is still passed to
             // UnProtect_Data_Value; a failure ends up in the outer catch and yields "".
             return Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(Key));
         }

         try
         {
             return Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(Key));
         }
         catch (Exception firstFailure)
         {
             // The value was stored as a plain string instead of bytes: rewrite it through
             // ADD_or_CHANGE_SWELF_Reg_Key, then try the read once more.
             // NOTE(review): this matches on the exception's English message text, which is
             // not stable across framework versions or UI languages.
             if (firstFailure.Message.Contains("Unable to cast object of type 'System.String' to type 'System.Byte[]'."))
             {
                 ADD_or_CHANGE_SWELF_Reg_Key(Key, (string)BASE_SWELF_KEY.GetValue(Key));
             }

             try
             {
                 return Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(Key));
             }
             catch (Exception)
             {
                 // The second failure is swallowed without a log entry.
                 return "";
             }
         }
     }
     catch (Exception e)
     {
         Error_Operation.Log_Error("READ_SWELF_Reg_Key()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Verbose);
         return "";
     }
 }
Ejemplo n.º 12
 /// <summary>
 /// Makes sure the four files in the config directory exist, creating each missing one
 /// with its default contents: the app config, the event-log placeholder, the
 /// files-to-monitor list and the directories-to-monitor list.
 /// </summary>
 /// <remarks>
 /// Only the app config and the event-log placeholder are passed to
 /// <c>Crypto_Operation.Secure_File</c>; the two monitor lists are written as plain files.
 /// NOTE(review): confirm the monitor lists are meant to stay unprotected, since they
 /// decide which paths get monitored.
 /// </remarks>
 internal static void VERIFY_AppConfig_Default_Files_Ready()
 {
     bool appConfigPresent = CHECK_if_File_Exists(Settings.GET_AppConfigFile_Path);
     if (appConfigPresent == false)
     {
         CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.AppConfigFile_FileName, GET_Default_ConsoleAppConfig_File_Contents);
         Crypto_Operation.Secure_File(Settings.GET_AppConfigFile_Path);
     }

     bool placeHolderPresent = CHECK_if_File_Exists(Settings.GET_EventLogID_PlaceHolder_Path);
     if (placeHolderPresent == false)
     {
         CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.EventLogID_PlaceHolde_FileName, GET_Default_Eventlog_with_PlaceKeeper_File_Contents);
         Crypto_Operation.Secure_File(Settings.GET_EventLogID_PlaceHolder_Path);
     }

     // Each monitor list starts with a single '#'-prefixed sample entry.
     bool filesListPresent = CHECK_if_File_Exists(Settings.GET_FilesToMonitor_Path);
     if (filesListPresent == false)
     {
         CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.FilesToMonitor_FileName, @"#C:\MyCustomApp\LogFile.log");
     }

     bool directoriesListPresent = CHECK_if_File_Exists(Settings.GET_DirectoriesToMonitor_Path);
     if (directoriesListPresent == false)
     {
         CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.DirectoriesToMonitor_FileName, @"#%SystemDrive%\inetpub\logs\LogFiles");
     }
 }
Ejemplo n.º 13
        /// <summary>
        /// Copies every non-empty value under the SWELF registry key into
        /// <c>Settings.REG_Keys</c>, then creates the Logs_Last_Sent entry when it is missing.
        /// </summary>
        /// <remarks>
        /// A failure on one value is logged at verbose level and the loop continues. That
        /// includes the exception Add raises for a name that is already in the cache.
        /// </remarks>
        internal static void READ_ALL_SWELF_Reg_Keys()
        {
            foreach (string valueName in BASE_SWELF_KEY.GetValueNames())
            {
                try
                {
                    string storedText = BASE_SWELF_KEY.GetValue(valueName).ToString();
                    if (!String.IsNullOrEmpty(storedText))
                    {
                        Settings.REG_Keys.Add(valueName, READ_SWELF_Reg_Key(valueName));
                    }
                }
                catch (Exception e)
                {
                    Error_Operation.Log_Error("READ_ALL_SWELF_Reg_Keys()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Verbose);
                }
            }

            if (CHECK_SWELF_Reg_Key_Exists(REG_KEY.Logs_Last_Sent))
            {
                return;
            }

            // First run: seed the timestamp in both the registry and the cache.
            string Date = DateTime.Now.ToString();
            BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.Logs_Last_Sent], Crypto_Operation.Protect_Data_Value(Date));
            // NOTE(review): index 20 is presumably (int)REG_KEY.Logs_Last_Sent - confirm.
            Settings.REG_Keys.Add(SWELF_Keys[20], Date);
        }
Ejemplo n.º 14
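        /// <summary>
        /// Reads a whole file as text, temporarily removing SWELF's file protection when the
        /// file is reported as encrypted.
        /// </summary>
        /// <param name="FilePath">Path of the file to read.</param>
        /// <returns>The file's text, or null when the file does not exist.</returns>
        /// <remarks>
        /// Between UnSecure_File and Secure_File the file is stored unprotected on disk. The
        /// finally block restores the protection even when the read throws; the original left
        /// the file unprotected in that case.
        /// </remarks>
        internal static string READ_AllText(string FilePath)
        {
            if (CHECK_if_File_Exists(FilePath) == false)
            {
                Error_Operation.Log_Error("READ_AllText()", "File not found " + FilePath, "", Error_Operation.LogSeverity.Informataion);
                // Callers must handle null; it is the "no such file" signal.
                return null;
            }

            if (CHECK_File_Encrypted(FilePath))
            {
                Crypto_Operation.UnSecure_File(FilePath);
                try
                {
                    return File.ReadAllText(FilePath);
                }
                finally
                {
                    Crypto_Operation.Secure_File(FilePath);
                }
            }

            return File.ReadAllText(FilePath);
        }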
Ejemplo n.º 15
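        /// <summary>
        /// Reports whether the local config file has the same SHA-256 hash as the central
        /// config file. The central hash is cached per URL in <c>Settings.Central_Config_Hashs</c>.
        /// </summary>
        /// <param name="HTTP_File_Path">URL of the central config file.</param>
        /// <param name="Local_File_Path">Path of the local copy.</param>
        /// <returns>True when the hashes match; false on a mismatch, a missing local file or any error.</returns>
        /// <remarks>
        /// The central hash is computed from the bytes that were just downloaded, so this detects
        /// a difference between the two copies; it does not prove the download is authentic.
        /// That depends on the transport, which is why SSL 3.0 and TLS 1.0/1.1 are no longer offered.
        /// NOTE(review): nothing here restricts the URL scheme or requires https - confirm the
        /// caller validates HTTP_File_Path.
        /// </remarks>
        internal static bool VERIFY_Central_File_Config_Hash(string HTTP_File_Path, string Local_File_Path)
        {
            string HTTPFileHash;
            string LocalFileHash;

            try
            {
                // ServicePointManager settings are process-wide, not scoped to this request.
                ServicePointManager.Expect100Continue = true;
                // NOTE(review): certificate revocation checking is left disabled as in the
                // original; enable it when the hosts can reach the CA's revocation endpoints.
                ServicePointManager.CheckCertificateRevocationList = false;
                // The original also enabled Ssl3, Tls and Tls11, which allowed a downgrade to
                // protocols with known weaknesses.
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

                using (CustomWebClient response = new CustomWebClient())
                {
                    if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path))
                    {
                        // Cache hit: nothing is downloaded.
                        // NOTE(review): Central_Config_File_Web_Cache is not refreshed on this
                        // path and may still hold the content of another URL.
                        HTTPFileHash = Settings.Central_Config_Hashs[HTTP_File_Path];
                    }
                    else
                    {
                        Uri uri = new Uri(HTTP_File_Path);
                        Central_Config_File_Web_Cache = Crypto_Operation.CONVERT_To_String_From_Bytes(response.DownloadData(uri), 2);
                        using (var sha256 = SHA256.Create())
                        {
                            HTTPFileHash = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(Central_Config_File_Web_Cache)));
                        }
                        if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path) == false)
                        {
                            Settings.Central_Config_Hashs.Add(HTTP_File_Path, HTTPFileHash);
                        }
                    }

                    if (File_Operation.CHECK_if_File_Exists(Local_File_Path) == false)
                    {
                        return false; // no local file to compare against
                    }

                    using (var localSha = SHA256.Create())
                    {
                        LocalFileHash = BitConverter.ToString(localSha.ComputeHash(Encoding.UTF8.GetBytes(File_Operation.READ_AllText(Local_File_Path))));
                    }

                    return HTTPFileHash == LocalFileHash;
                }
            }
            catch (Exception e)
            {
                // Timeouts and DNS failures are expected off-network and are logged only at the
                // detailed logging levels. The original tested "!timeout || !dns", which is true
                // for every message, so the filter never suppressed anything.
                bool networkUnavailable = e.Message.Contains("The operation has timed out") || e.Message.Contains("The remote name could not be resolved: ");
                bool detailedLogging = string.Equals(Settings.Logging_Level_To_Report, "informataion", StringComparison.OrdinalIgnoreCase)
                                       || string.Equals(Settings.Logging_Level_To_Report, "verbose", StringComparison.OrdinalIgnoreCase);
                if (!networkUnavailable || detailedLogging)
                {
                    Error_Operation.Log_Error("VERIFY_Central_File_Config_Hash()", e.Message.ToString() + " " + HTTP_File_Path + " " + Local_File_Path, e.StackTrace.ToString(), Error_Operation.LogSeverity.Informataion);
                }
                return false;
            }
            finally
            {
                // NOTE(review): Wclient is shared state that this method never uses; confirm
                // no later code reuses it after this Dispose.
                Wclient.Dispose();
            }
        }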
Ejemplo n.º 16
 /// <summary>
 /// Reports whether a SWELF setting is present: in <c>Settings.REG_Keys</c> once that cache
 /// holds more than one entry, otherwise as a non-empty value in the registry.
 /// </summary>
 /// <param name="Key">Setting to look for.</param>
 /// <returns>True when the setting is present; false when it is absent or the lookup failed.</returns>
 /// <remarks>
 /// A failed lookup for <c>REG_KEY.logging_level</c> is handled differently: the current
 /// logging level is written to the registry and true is returned.
 /// </remarks>
 internal static bool CHECK_SWELF_Reg_Key_Exists(REG_KEY Key)
 {
     try
     {
         if (Settings.REG_Keys.Count > 1)
         {
             return Settings.REG_Keys.ContainsKey(SWELF_Keys[(int)Key].ToString());
         }

         // An absent value throws on ToString() here and is handled by the catch below.
         return !String.IsNullOrEmpty(BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key]).ToString());
     }
     catch (Exception e)
     {
         if (Key == REG_KEY.logging_level)
         {
             // Create the missing logging-level setting rather than reporting it absent.
             BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.logging_level].ToString(), Crypto_Operation.Protect_Data_Value(Settings.Logging_Level_To_Report));
             return true;
         }

         Error_Operation.Log_Error("CHECK_SWELF_Reg_Key_Exists()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Verbose);
         return false;
     }
 }
Ejemplo n.º 17
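 /// <summary>
 /// Returns the Base64 form of the bytes <c>Crypto_Operation.CONVERT_To_ASCII_Bytes</c>
 /// produces for the given text.
 /// </summary>
 /// <param name="plainText">Text to encode.</param>
 /// <returns>Base64 string without line breaks.</returns>
 /// <remarks>
 /// The original encoded <c>plainText.ToCharArray().ToString()</c>, which is the type name
 /// "System.Char[]" and not the text, so every input produced the same output.
 /// Base64 is an encoding, not encryption; it gives the value no confidentiality.
 /// </remarks>
 internal static string Base64Encode(string plainText)
 {
     // NOTE(review): if the helper performs a plain ASCII conversion, non-ASCII characters
     // are replaced before encoding - confirm inputs are ASCII-only.
     byte[] plainTextBytes = Crypto_Operation.CONVERT_To_ASCII_Bytes(plainText);
     return System.Convert.ToBase64String(plainTextBytes, Base64FormattingOptions.None);
 }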
Ejemplo n.º 18
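        /// <summary>
        /// Reports whether the config text held in the registry has the same SHA-256 hash as the
        /// central config file. The central hash is cached per URL in <c>Settings.Central_Config_Hashs</c>.
        /// </summary>
        /// <param name="HTTP_File_Path">URL of the central config file.</param>
        /// <param name="RegContents">Config text read from the registry.</param>
        /// <returns>True when the hashes match; false on a mismatch or any error.</returns>
        /// <remarks>
        /// Sets <c>Connection_Successful</c> to true once both hashes are available and to false
        /// on any exception. The central hash is computed from the downloaded bytes themselves,
        /// so this detects a difference; it does not prove the download is authentic. That
        /// depends on the transport, which is why SSL 3.0 and TLS 1.0/1.1 are no longer offered.
        /// </remarks>
        internal static bool VERIFY_Central_Reg_Config_Hash(string HTTP_File_Path, string RegContents)
        {
            string HTTPFileHash;
            string LocalFileHash;

            try
            {
                // NOTE(review): this request object is configured but never sent; the download
                // below goes through CustomWebClient, so AllowAutoRedirect = false and the
                // timeout presumably do not apply to it - confirm inside CustomWebClient.
                // The cast does throw for URIs that do not produce an HttpWebRequest (file:, ftp:),
                // which the catch turns into false, so keep it unless the scheme is checked elsewhere.
                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(HTTP_File_Path);
                request.AllowAutoRedirect = false;
                request.UnsafeAuthenticatedConnectionSharing = false;
                request.Timeout = 150000;

                // ServicePointManager settings are process-wide, not scoped to this request.
                ServicePointManager.Expect100Continue = true;
                // NOTE(review): certificate revocation checking is left disabled as in the
                // original; enable it when the hosts can reach the CA's revocation endpoints.
                ServicePointManager.CheckCertificateRevocationList = false;
                // The original also enabled Ssl3, Tls and Tls11, which allowed a downgrade to
                // protocols with known weaknesses.
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

                using (CustomWebClient response = new CustomWebClient())
                {
                    if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path))
                    {
                        // Cache hit: nothing is downloaded.
                        HTTPFileHash = Settings.Central_Config_Hashs[HTTP_File_Path];
                    }
                    else
                    {
                        Uri uri = new Uri(HTTP_File_Path);
                        Central_Config_File_Web_Cache = Crypto_Operation.CONVERT_To_String_From_Bytes(response.DownloadData(uri), 2);
                        using (var sha256 = SHA256.Create())
                        {
                            HTTPFileHash = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(Central_Config_File_Web_Cache)));
                        }
                        if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path) == false)
                        {
                            Settings.Central_Config_Hashs.Add(HTTP_File_Path, HTTPFileHash);
                        }
                    }

                    using (var localSha = SHA256.Create())
                    {
                        LocalFileHash = BitConverter.ToString(localSha.ComputeHash(Encoding.UTF8.GetBytes(RegContents)));
                    }

                    Connection_Successful = true;
                    return HTTPFileHash == LocalFileHash;
                }
            }
            catch (Exception e)
            {
                Connection_Successful = false;
                // Timeouts and DNS failures go to the plain error log; everything else is logged
                // with its stack trace. The source label still names the file variant of this method.
                if (e.Message.Contains("has timed out") == false && e.Message.Contains("The remote name could not be resolved: ") == false)
                {
                    Error_Operation.Log_Error("VERIFY_Central_File_Config_Hash()", e.Message.ToString() + " " + HTTP_File_Path + " ", e.StackTrace.ToString(), Error_Operation.LogSeverity.Informataion);
                }
                else if (e.Message.Contains("The operation has timed out") || e.Message.Contains("The remote name could not be resolved: "))
                {
                    Error_Operation.WRITE_Errors_To_Log("VERIFY_Central_File_Config_Hash()", "Network unavaiulable for SWELF." + e.Message.ToString() + " " + HTTP_File_Path + " ", Error_Operation.LogSeverity.Informataion);
                }
                return false;
            }
            finally
            {
                // NOTE(review): Wclient is shared state that this method never uses; confirm
                // no later code reuses it after this Dispose.
                Wclient.Dispose();
            }
        }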
Ejemplo n.º 19
 /// <summary>
 /// Reads a SWELF setting, from the in-memory cache <c>Settings.REG_Keys</c> once it holds
 /// more than one entry, otherwise from the registry via <c>UnProtect_Data_Value</c>.
 /// </summary>
 /// <param name="Key">Setting to read.</param>
 /// <param name="Log_Error">When true, a failure on the fallback path is logged as a warning.</param>
 /// <returns>The setting's text, or an empty string when it is missing or unreadable.</returns>
 /// <remarks>
 /// If anything in the first attempt throws, the whole registry read is retried once in the
 /// outer catch; only that retry logs.
 /// NOTE(review): both repair branches write a value derived from <c>SWELF_Keys[(int)Key]</c>,
 /// which is the setting's name, so a value that fails to unprotect appears to be replaced
 /// by its own name rather than preserved - confirm this is intended.
 /// </remarks>
 internal static string READ_SWELF_Reg_Key(REG_KEY Key, bool Log_Error = true)
 {
     try
     {
         // Cache path: with a populated cache the registry is not consulted at all.
         if (Settings.REG_Keys.Count > 1)
         {
             if (Settings.REG_Keys.ContainsKey(SWELF_Keys[(int)Key].ToString()))
             {
                 return(Settings.REG_Keys[SWELF_Keys[(int)Key]].ToString());
             }
             else
             {
                 return("");
             }
         }
         else
         {
             if (CHECK_SWELF_Reg_Key_Exists(Key))
             {
                 if (Crypto_Operation.CHECK_Value_Encrypted(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key]))))
                 {
                     try
                     {
                         return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                     }
                     catch (Exception e)
                     {
                         // Repair attempt: rewrite the value, then read it again. The second
                         // argument is the setting's name, not its previous value.
                         ADD_or_CHANGE_SWELF_Reg_Key(Key, SWELF_Keys[(int)Key]);
                         return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                     }
                 }
                 else
                 {
                     // Value reported as not encrypted: store a protected form of the setting's
                     // name, then read it back.
                     ADD_or_CHANGE_SWELF_Reg_Key(Key, Crypto_Operation.CONVERT_To_String_From_Bytes(Crypto_Operation.Protect_Data_Value(SWELF_Keys[(int)Key].ToString()), 1));
                     return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                 }
             }
             else
             {
                 return("");
             }
         }
     }
     catch
     {
         // Fallback: any exception above (its details are discarded) leads to one more
         // attempt straight against the registry, skipping the cache.
         try
         {
             if (CHECK_SWELF_Reg_Key_Exists(Key))
             {
                 if (Crypto_Operation.CHECK_Value_Encrypted(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key]))))
                 {
                     try
                     {
                         return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                     }
                     catch (Exception e)
                     {
                         // Same repair as in the first attempt.
                         ADD_or_CHANGE_SWELF_Reg_Key(Key, SWELF_Keys[(int)Key]);
                         return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                     }
                 }
                 else
                 {
                     ADD_or_CHANGE_SWELF_Reg_Key(Key, Crypto_Operation.CONVERT_To_String_From_Bytes(Crypto_Operation.Protect_Data_Value(SWELF_Keys[(int)Key].ToString()), 1));
                     return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                 }
             }
             else
             {
                 if (Log_Error)
                 {
                     // NOTE(review): the source label says CHANGE_Reg_Key() although this is a read path.
                     Error_Operation.Log_Error("CHANGE_Reg_Key()", "Reg Key does not exist. RegKey=" + Key, "", Error_Operation.LogSeverity.Warning);
                 }
                 return("");
             }
         }
         catch (Exception e)
         {
             // Second failure: give up and return the empty value. The message says the key
             // does not exist whatever the actual exception was.
             if (Log_Error)
             {
                 Error_Operation.Log_Error("CHANGE_Reg_Key()", "Reg Key does not exist. RegKey=" + Key + ". " + e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
             }
             return("");
         }
     }
 }
Ejemplo n.º 20
 /// <summary>
 /// Stores a setting under the SWELF registry key, creating or overwriting the value.
 /// The text is passed through <c>Crypto_Operation.Protect_Data_Value</c> before it is written.
 /// </summary>
 /// <param name="Key">Name of the registry value.</param>
 /// <param name="Value">Plain text to protect and store.</param>
 internal static void ADD_or_CHANGE_SWELF_Reg_Key(string Key, string Value)
 {
     // Callers pass plaintext; handing in an already protected value would protect it twice.
     var protectedValue = Crypto_Operation.Protect_Data_Value(Value);
     BASE_SWELF_KEY.SetValue(Key, protectedValue);
 }
Ejemplo n.º 21
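        /// <summary>
        /// Reports whether the local config file has the same SHA-256 hash as the central
        /// config file. The central hash is cached per URL in <c>Settings.Central_Config_Hashs</c>.
        /// </summary>
        /// <param name="HTTP_File_Path">URL of the central config file.</param>
        /// <param name="Local_File_Path">Path of the local copy.</param>
        /// <returns>True when the hashes match; false on a mismatch, a missing local file or any error.</returns>
        /// <remarks>
        /// The central hash is computed from the bytes that were just downloaded, so this detects
        /// a difference between the two copies; it does not prove the download is authentic.
        /// That depends on the transport, which is why SSL 3.0 and TLS 1.0/1.1 are no longer offered.
        /// </remarks>
        internal static bool VERIFY_Central_File_Config_Hash(string HTTP_File_Path, string Local_File_Path)
        {
            string HTTPFileHash;
            string LocalFileHash;

            try
            {
                // NOTE(review): this request object is configured but never sent; the download
                // below goes through CustomWebClient, so AllowAutoRedirect = false and the
                // timeout presumably do not apply to it - confirm inside CustomWebClient.
                // The cast does throw for URIs that do not produce an HttpWebRequest (file:, ftp:),
                // which the catch turns into false, so keep it unless the scheme is checked elsewhere.
                HttpWebRequest request = (HttpWebRequest)WebRequest.Create(HTTP_File_Path);
                request.AllowAutoRedirect = false;
                request.UnsafeAuthenticatedConnectionSharing = false;
                request.Timeout = 150000;

                // ServicePointManager settings are process-wide, not scoped to this request.
                ServicePointManager.Expect100Continue = true;
                // NOTE(review): certificate revocation checking is left disabled as in the
                // original; enable it when the hosts can reach the CA's revocation endpoints.
                ServicePointManager.CheckCertificateRevocationList = false;
                // The original also enabled Ssl3, Tls and Tls11, which allowed a downgrade to
                // protocols with known weaknesses.
                ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

                using (CustomWebClient response = new CustomWebClient())
                {
                    if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path))
                    {
                        // Cache hit: nothing is downloaded.
                        HTTPFileHash = Settings.Central_Config_Hashs[HTTP_File_Path];
                    }
                    else
                    {
                        Central_Config_File_Web_Cache = Crypto_Operation.CONVERT_To_String_From_Bytes(response.DownloadData(HTTP_File_Path), 2);
                        using (var sha256 = SHA256.Create())
                        {
                            HTTPFileHash = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(Central_Config_File_Web_Cache)));
                        }
                        if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path) == false)
                        {
                            Settings.Central_Config_Hashs.Add(HTTP_File_Path, HTTPFileHash);
                        }
                    }

                    if (File_Operation.CHECK_if_File_Exists(Local_File_Path) == false)
                    {
                        return false; // no local file to compare against
                    }

                    using (var localSha = SHA256.Create())
                    {
                        LocalFileHash = BitConverter.ToString(localSha.ComputeHash(Encoding.UTF8.GetBytes(File_Operation.READ_AllText(Local_File_Path))));
                    }

                    return HTTPFileHash == LocalFileHash;
                }
            }
            catch (Exception e)
            {
                // Any failure (network, parsing, file access) is logged and reported as "no match".
                Error_Operation.WRITE_Errors_To_Log("VERIFY_Central_File_Config_Hash()", e.Message.ToString() + " " + HTTP_File_Path + " " + Local_File_Path, Error_Operation.LogSeverity.Informataion);
                return false;
            }
            finally
            {
                // NOTE(review): Wclient is shared state that this method never uses; confirm
                // no later code reuses it after this Dispose.
                Wclient.Dispose();
            }
        }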
Ejemplo n.º 22
 /// <summary>
 /// Renders <paramref name="Data"/> with GET_Log_Output_Format and hands the result to
 /// Crypto_Operation.CONVERT_To_UTF8_Bytes, returning whatever bytes that helper produces.
 /// </summary>
 /// <param name="Data">The event log entry to serialize.</param>
 /// <returns>The byte array returned by Crypto_Operation.CONVERT_To_UTF8_Bytes.</returns>
 private static byte[] GET_Encoding_to_Return(EventLog_Entry Data)
 {
     // Two steps on purpose: format first, then encode (presumably UTF-8, going by the helper's name).
     var formattedEntry = GET_Log_Output_Format(Data);
     return Crypto_Operation.CONVERT_To_UTF8_Bytes(formattedEntry);
 }
Ejemplo n.º 23
 /// <summary>
 /// Config-integrity handler: matches <paramref name="Settings_FilePath"/> against the known
 /// config file paths exposed by Settings and, for the matching file, writes a failure-audit
 /// entry through EventLog_SWELF and rebuilds the file through File_Operation.
 /// </summary>
 /// <remarks>
 /// Only the app-config and search-terms branches call CHECK_File_vs_Reg_Contents here. The
 /// other known paths are audited and rebuilt unconditionally, so this method presumably relies
 /// on the caller having already detected a mismatch for them (verify against callers).
 /// A path that matches none of the known files is reported through LOG_SEC_CHECK_Fail.
 /// </remarks>
 /// <param name="Settings_FilePath">Path of the config file being checked.</param>
 internal static void CHECK_Reg_vs_File_Config(string Settings_FilePath)
 {
     // NOTE(review): every comparison below uses ==. If these are plain strings, that is an
     // ordinal, case-sensitive match; a path that differs only in case or separator style would
     // fall through to the final LOG_SEC_CHECK_Fail. Confirm that paths are normalized upstream.

     // --- Console app config ---
     if (Settings.GET_AppConfigFile_Path == Settings_FilePath)
     {
         if (CHECK_File_vs_Reg_Contents(Settings_FilePath, Reg_Operation.REG_KEY.ConsoleAppConfig_Contents) == false)
         {
             EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The app config file(ConsoleAppConfig.conf) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);

             // The registry lookup happens before the file is touched, same order as before.
             bool registryCopyExists = Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents);
             File_Operation.DELETE_AND_CREATE_File(Settings.GET_AppConfigFile_Path);

             if (registryCopyExists)
             {
                 // NOTE(review): when a registry copy exists the file is rebuilt from the DEFAULT
                 // contents, and the registry copy is only read in the branch where the key was
                 // reported missing. This looks inverted; confirm the intended recovery source.
                 File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.AppConfigFile_FileName, File_Operation.GET_Default_ConsoleAppConfig_File_Contents);
             }
             else
             {
                 File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.AppConfigFile_FileName, Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents));
                 // NOTE(review): the output of Decrypt_File_Contents is what gets stored here.
                 // Confirm ADD_or_CHANGE_SWELF_Reg_Key protects the value before it is written,
                 // otherwise the registry baseline would hold the decrypted config.
                 Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents, Crypto_Operation.Decrypt_File_Contents(Settings.GET_AppConfigFile_Path));
             }
         }
         return;
     }

     // --- Event log ID place-keeper file ---
     if (Settings.GET_EventLogID_PlaceHolder_Path == Settings_FilePath)
     {
         EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The file that tracks the event id of an eventlog config file (Eventlog_with_PlaceKeeper.txt) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
         File_Operation.DELETE_AND_CREATE_File(Settings.GET_EventLogID_PlaceHolder_Path);
         // NOTE(review): the recreate call names the app-config file and the default app-config
         // contents, not the place-keeper file that was just reset. Looks like a copy/paste
         // slip; confirm.
         File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.AppConfigFile_FileName, File_Operation.GET_Default_ConsoleAppConfig_File_Contents);
         return;
     }

     // --- Search terms file ---
     if (Settings.GET_SearchTermsFile_Path == Settings_FilePath)
     {
         if (CHECK_File_vs_Reg_Contents(Settings_FilePath, Reg_Operation.REG_KEY.SearchTerms_File_Contents) == false)
         {
             EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The Search term file (Searchs.txt) config file did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
             File_Operation.DELETE_AND_CREATE_File(Settings.GET_SearchTermsFile_Path);
             // NOTE(review): the search-terms file is refilled with the place-keeper defaults.
             // If that is unintended, detection rules are replaced by unrelated content after a
             // tamper event; confirm which default belongs here.
             File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Search_File_Location, Settings.SearchTermsFileName_FileName, File_Operation.GET_Default_Eventlog_with_PlaceKeeper_File_Contents);
         }
         return;
     }

     // --- Search whitelist (no content comparison in this method) ---
     if (Settings.GET_WhiteList_SearchTermsFile_Path == Settings_FilePath)
     {
         EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The white list search terms file (WhiteList_Searchs.txt) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
         File_Operation.DELETE_AND_CREATE_File(Settings.GET_WhiteList_SearchTermsFile_Path);
         File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Search_File_Location, Settings.Search_WhiteList_FileName, File_Operation.GET_Default_Whitelist_File_Contents);
         return;
     }

     // --- Plugin search file (no content comparison in this method) ---
     if (Settings.GET_SearchTermsFile_PLUGIN_Path == Settings_FilePath)
     {
         EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The Plugin config file (Search.txt in the Plugins Folder) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
         File_Operation.DELETE_AND_CREATE_File(Settings.GET_SearchTermsFile_PLUGIN_Path);
         File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Plugin_Files_Location, Settings.SearchTermsFileName_FileName, File_Operation.GET_Default_Powershell_Plugins_File_Contents);
         return;
     }

     // --- Plugin whitelist (no content comparison in this method) ---
     if (Settings.GET_WhiteList_SearchTermsFile_PLUGIN_Path == Settings_FilePath)
     {
         EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The Plugin config file (WhiteList_Searchs.txt in the Plugins Folder) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
         File_Operation.DELETE_AND_CREATE_File(Settings.GET_WhiteList_SearchTermsFile_PLUGIN_Path);
         File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Plugin_Files_Location, Settings.Search_WhiteList_FileName, File_Operation.GET_Default_Whitelist_File_Contents);
         return;
     }

     // Not one of the known config files: report it as a failed security check.
     LOG_SEC_CHECK_Fail("CHECK_Reg_vs_File_Config() File Path:" + Settings_FilePath + " did not match encrypted config file path");
 }