/// <summary>
/// Returns the value stored under <paramref name="Key"/>, using the in-memory
/// Settings.REG_Keys cache when it holds more than one entry and otherwise reading
/// the value from BASE_SWELF_KEY and unprotecting it.
/// </summary>
/// <param name="Key">Name of the registry value to read.</param>
/// <returns>The cached or unprotected value, or an empty string when nothing is found.</returns>
internal static object READ_Eventlog_SWELF_Reg_Key(string Key)
{
    bool cachePopulated = Settings.REG_Keys.Count > 1;
    if (cachePopulated)
    {
        if (Settings.REG_Keys.ContainsKey(Key))
        {
            return Settings.REG_Keys[Key];
        }

        // Cache is in use but has no entry for this name.
        return "";
    }

    if (!CHECK_Eventlog_SWELF_Reg_Key_Exists(Key))
    {
        Error_Operation.Log_Error("CHANGE_Reg_Key()", "Reg Key does not exist. RegKey=" + Key, "", Error_Operation.LogSeverity.Warning);
        return "";
    }

    var storedValue = Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(Key));
    if (!Crypto_Operation.CHECK_Value_Encrypted(storedValue))
    {
        // The stored value is not protected yet: protect it and write it back before reading.
        // NOTE(review): ADD_or_CHANGE_SWELF_Reg_Key(string, string) calls Protect_Data_Value again
        // on what it is given, so the value may end up protected twice; confirm against Crypto_Operation.
        var protectedValue = Crypto_Operation.Protect_Data_Value(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(Key)));
        ADD_or_CHANGE_SWELF_Reg_Key(Key, Crypto_Operation.CONVERT_To_String_From_Bytes(protectedValue, 1));
    }

    // Re-read from the registry so the value returned is the one currently stored.
    return Crypto_Operation.UnProtect_Data_Value(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(Key)));
}
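/// <summary>
/// Creates the HKLM\Software\SWELF key if needed and writes the default SWELF values
/// under BASE_SWELF_KEY, each passed through Crypto_Operation.Protect_Data_Value first.
/// </summary>
internal static void WRITE_Default_SWELF_Reg_Keys()
{
    // CreateSubKey is called only for its side effect (the key exists afterwards);
    // the returned handle is disposed immediately instead of being left open.
    using (Microsoft.Win32.Registry.LocalMachine.CreateSubKey("Software\\SWELF"))
    {
    }

    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.First_Run].ToString(), Crypto_Operation.Protect_Data_Value("true"));
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.LogCollecter].ToString(), Crypto_Operation.Protect_Data_Value("127.0.0.1"));
    //BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.LogCollecter_1].ToString(), Encryptions.Protect_Data_Value("127.0.0.1"));
    //BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.LogCollecter_2].ToString(), Encryptions.Protect_Data_Value("127.0.0.1"));
    //BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.LogCollecter_3].ToString(), Encryptions.Protect_Data_Value("127.0.0.1"));
    //BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.LogCollecter_4].ToString(), Encryptions.Protect_Data_Value("127.0.0.1"));
    //BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.LogCollecter_5].ToString(), Encryptions.Protect_Data_Value("127.0.0.1"));

    // NOTE(review): the value from Generate_Decrypt() is stored next to the data it relates to.
    // If it is key material, its confidentiality rests on Protect_Data_Value and on the ACL
    // of the SWELF registry key; confirm both.
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.Encryption].ToString(), Crypto_Operation.Protect_Data_Value(Crypto_Operation.Generate_Decrypt()));
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.logging_level].ToString(), Crypto_Operation.Protect_Data_Value(Settings.Logging_Level_To_Report));
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.output_format].ToString(), Crypto_Operation.Protect_Data_Value("keyvalue"));
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.SWELF_Current_Version].ToString(), Crypto_Operation.Protect_Data_Value(Settings.SWELF_Version));
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.SWELF_CWD].ToString(), Crypto_Operation.Protect_Data_Value(Settings.SWELF_CWD));
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.SWELF_FAILED_SEC_CHECK].ToString(), Crypto_Operation.Protect_Data_Value("false"));
    //BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.central_app_config].ToString(), Crypto_Operation.Protect_Data_Value(""));
    //BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.central_plugin_search_config].ToString(), Crypto_Operation.Protect_Data_Value(""));
    // BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.central_search_config].ToString(), Crypto_Operation.Protect_Data_Value(""));
    //BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.central_whitelist_search_config].ToString(),Crypto_Operation.Protect_Data_Value(""));

    // Baseline copies of the config files; CHECK_File_vs_Reg_Contents compares a file
    // against one of these registry values.
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.ConsoleAppConfig_CreationDate].ToString(), Crypto_Operation.Protect_Data_Value(File_Operation.GET_CreationTime(Settings.GET_AppConfigFile_Path)));
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.ConsoleAppConfig_Contents], Crypto_Operation.Protect_Data_Value(File_Operation.READ_AllText(Settings.GET_AppConfigFile_Path)));
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.SearchTerms_File_Contents], Crypto_Operation.Protect_Data_Value(File_Operation.READ_AllText(Settings.GET_SearchTermsFile_Path)));
    BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.Logs_Last_Sent], Crypto_Operation.Protect_Data_Value(DateTime.Now.ToString()));
}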
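/// <summary>
/// Loads every non-empty value under BASE_SWELF_KEY into the Settings.REG_Keys cache and
/// makes sure a Logs_Last_Sent value exists, creating it with the current time if not.
/// </summary>
internal static void READ_ALL_SWELF_Reg_Keys()
{
    foreach (string RegKeyValue in BASE_SWELF_KEY.GetValueNames())
    {
        try
        {
            if (String.IsNullOrEmpty(BASE_SWELF_KEY.GetValue(RegKeyValue).ToString()))
            {
                continue;
            }

            string value = READ_SWELF_Reg_Key(RegKeyValue);

            // Skip names that are already cached. Checking up front replaces matching on the
            // English text of the duplicate-key exception, which fails on localized runtimes.
            if (Settings.REG_Keys.ContainsKey(RegKeyValue) == false)
            {
                Settings.REG_Keys.Add(RegKeyValue, value);
            }
        }
        catch (Exception e)
        {
            Error_Operation.Log_Error("READ_ALL_SWELF_Reg_Keys()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Verbose);
        }
    }

    if (CHECK_SWELF_Reg_Key_Exists(REG_KEY.Logs_Last_Sent) == false)
    {
        string Date = DateTime.Now.ToString();
        BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.Logs_Last_Sent], Crypto_Operation.Protect_Data_Value(Date));
        // NOTE(review): index 20 is presumably (int)REG_KEY.Logs_Last_Sent; confirm and use the enum here too.
        Settings.REG_Keys.Add(SWELF_Keys[20], Date);
    }
}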
/// <summary>
/// Compares the decrypted contents of a config file with the copy held in the registry.
/// </summary>
/// <param name="SettingsConfigFilePath">Path of the config file to decrypt and compare.</param>
/// <param name="RegKey">Registry value that holds the reference copy.</param>
/// <returns>True when both texts are equal after lower-casing; otherwise false.</returns>
internal static bool CHECK_File_vs_Reg_Contents(string SettingsConfigFilePath, Reg_Operation.REG_KEY RegKey)
{
    // Both sides are lower-cased, so a change that only alters letter case is not detected.
    string fileContents = Crypto_Operation.Decrypt_File_Contents(SettingsConfigFilePath).ToLower();
    string registryContents = Reg_Operation.READ_SWELF_Reg_Key(RegKey).ToLower();
    return fileContents == registryContents;
}
/// <summary>
/// Creates the search-terms file and the whitelist search-terms file with their default
/// contents when they are missing, then passes each new file to Crypto_Operation.Secure_File.
/// </summary>
internal static void VERIFY_Search_Default_Files_Ready()
{
    bool searchTermsMissing = !CHECK_if_File_Exists(Settings.GET_SearchTermsFile_Path);
    if (searchTermsMissing)
    {
        CREATE_NEW_Files_And_Dirs(Settings.Search_File_Location, Settings.SearchTermsFileName_FileName, GET_Default_Logs_Search_File_Contents);
        Crypto_Operation.Secure_File(Settings.GET_SearchTermsFile_Path);
    }

    bool whiteListMissing = !CHECK_if_File_Exists(Settings.GET_WhiteList_SearchTermsFile_Path);
    if (whiteListMissing)
    {
        CREATE_NEW_Files_And_Dirs(Settings.Search_File_Location, Settings.Search_WhiteList_FileName, GET_Default_Whitelist_File_Contents);
        Crypto_Operation.Secure_File(Settings.GET_WhiteList_SearchTermsFile_Path);
    }
}
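/// <summary>
/// Sends every queued event log entry to each configured log forwarder, over TCP when the
/// transport setting is "tcp" and over UDP otherwise, then records the send time.
/// Nothing is sent when any forwarder host name is empty or is 127.0.0.1.
/// </summary>
/// <param name="Event_logs">Entries to format and forward.</param>
internal static void SEND_Logs(Queue<EventLog_Entry> Event_logs)
{
    if (Settings.Log_Forwarders_HostNames.Any(s => string.Equals(s, "127.0.0.1", StringComparison.OrdinalIgnoreCase))
        || Settings.Log_Forwarders_HostNames.Any(s => string.IsNullOrEmpty(s)))
    {
        return;
    }

    // Transport defaults to UDP when the app config does not name one.
    var transportArg = Settings.SWELF_AppConfig_Args[14];
    if (Settings.AppConfig_File_Args.ContainsKey(transportArg) == false)
    {
        Settings.AppConfig_File_Args.Add(transportArg, "udp");
    }
    bool useTcp = Settings.AppConfig_File_Args[transportArg] == "tcp";

    // NOTE(review): entries are converted with CONVERT_To_ASCII_Bytes, so non-ASCII text is
    // presumably lost, and nothing here shows the socket helpers encrypting or authenticating
    // the stream; confirm in Socket_Client_TCP/UDP.
    bool allCollectorsReached = true;
    for (int x = 0; x < Settings.Log_Forwarders_HostNames.Count; ++x)
    {
        try
        {
            for (int y = 0; y < Event_logs.Count; ++y)
            {
                var payload = Crypto_Operation.CONVERT_To_ASCII_Bytes(GET_Log_Output_Format(Event_logs.ElementAt(y)));
                if (useTcp)
                {
                    Socket_Client_TCP(payload, x);
                }
                else
                {
                    Socket_Client_UDP(payload, x);
                }
            }
        }
        catch (Exception e)
        {
            allCollectorsReached = false;
            Settings.Logs_Sent_to_ALL_Collectors = false;
            Error_Operation.Log_Error(useTcp ? "SEND_Logs() [transport_protocol] == tcp" : "SEND_Logs() else//Default send logs UDP", Settings.Log_Forwarders_HostNames.ElementAt(x) + " " + e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
        }
    }

    // Report success only when no forwarder failed; a failure recorded in the loop must not
    // be overwritten with true afterwards.
    Settings.Logs_Sent_to_ALL_Collectors = allCollectorsReached;

    // NOTE(review): the timestamp is written even when a forwarder failed; confirm that
    // consumers of Logs_Last_Sent expect "last attempt" rather than "last full delivery".
    Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.Logs_Last_Sent, DateTime.Now.ToString());
}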
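/// <summary>
/// Reads all lines of a file into a list. An encrypted file is passed to UnSecure_File
/// before the read and to Secure_File afterwards.
/// </summary>
/// <param name="FilePath">Path of the file to read.</param>
/// <returns>The file's lines.</returns>
internal static List<string> READ_File_In_List(string FilePath)
{
    if (CHECK_File_Encrypted(FilePath) == false)
    {
        return File.ReadAllLines(FilePath).ToList();
    }

    Crypto_Operation.UnSecure_File(FilePath);
    try
    {
        // NOTE(review): the file appears to sit unprotected on disk during this read; confirm
        // that the directory ACL keeps other users out for that window.
        return File.ReadAllLines(FilePath).ToList();
    }
    finally
    {
        // Re-secure even when the read throws, so a failed read does not leave the file unprotected.
        Crypto_Operation.Secure_File(FilePath);
    }
}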
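/// <summary>
/// Reads all lines of a file into an array, passing the file to UnSecure_File before the
/// read and to Secure_File afterwards.
/// </summary>
/// <param name="FilePath">Path of the file to read.</param>
/// <returns>The file's lines.</returns>
/// <remarks>
/// When the file does not exist the miss is logged and File.ReadAllLines is still called,
/// so the caller receives the exception that call raises for a missing file.
/// </remarks>
internal static string[] READ_File_In_StringArray(string FilePath)
{
    if (CHECK_if_File_Exists(FilePath) == false)
    {
        Error_Operation.Log_Error("READ_File_In_StringArray()", "File not found " + FilePath, "", Error_Operation.LogSeverity.Informataion);
        return File.ReadAllLines(FilePath);
    }

    // NOTE(review): unlike READ_File_In_List, no encryption check precedes UnSecure_File here.
    Crypto_Operation.UnSecure_File(FilePath);
    try
    {
        return File.ReadAllLines(FilePath);
    }
    finally
    {
        // Re-secure even when the read throws, so a failed read does not leave the file unprotected.
        Crypto_Operation.Secure_File(FilePath);
    }
}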
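/// <summary>
/// Appends text to an existing file. When CHECK_Data_Encrypted reports the file as encrypted
/// it is passed to UnSecure_File before the append and to Secure_File afterwards.
/// Does nothing when the file does not exist.
/// </summary>
/// <param name="FilePath">Path of the file to append to.</param>
/// <param name="Values">Text to append.</param>
internal static void APPEND_Data_To_File(string FilePath, string Values)
{
    if (CHECK_if_File_Exists(FilePath) == false)
    {
        return;
    }

    if (CHECK_Data_Encrypted(FilePath) == false)
    {
        File.AppendAllText(FilePath, Values);
        return;
    }

    Crypto_Operation.UnSecure_File(FilePath);
    try
    {
        File.AppendAllText(FilePath, Values);
    }
    finally
    {
        // Re-secure even when the append throws, so a failed write does not leave the file unprotected.
        Crypto_Operation.Secure_File(FilePath);
    }
}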
/// <summary>
/// Replaces a local config file with the central copy: the cached download in
/// Central_Config_File_Web_Cache when there is one, otherwise a fresh download from
/// <paramref name="WebPath"/>. The change is logged and the new file is secured if it is not already.
/// </summary>
/// <param name="WebPath">Address of the central config file.</param>
/// <param name="LocalPath">Path of the local file to replace.</param>
/// <param name="FileName">File name used in the log message.</param>
internal static void UPDATE_Local_Config_With_Central_Config(string WebPath, string LocalPath, string FileName)
{
    // NOTE(review): nothing in this method authenticates the central content (no signature
    // or pinned hash); whoever controls WebPath or the path to it controls the local config.
    bool noCachedCopy = string.IsNullOrEmpty(Central_Config_File_Web_Cache);

    // The old config file is removed in both cases.
    File_Operation.DELETE_File(LocalPath);
    if (noCachedCopy)
    {
        Wclient.DownloadFile(WebPath, LocalPath);
    }
    else
    {
        File_Operation.APPEND_AllTXT(LocalPath, Central_Config_File_Web_Cache);
    }

    // Record the change.
    Error_Operation.Log_Error("GET_Central_Config_File()", "Updated " + FileName + " from " + WebPath + ". It was downloaded to " + LocalPath, "", Error_Operation.LogSeverity.Verbose, Error_Operation.EventID.SWELF_Central_Config_Changed);

    bool alreadySecured = File_Operation.CHECK_File_Encrypted(LocalPath);
    if (!alreadySecured)
    {
        Crypto_Operation.Secure_File(LocalPath);
    }
}
/// <summary>
/// Reads the registry value named <paramref name="Key"/> from BASE_SWELF_KEY and returns it unprotected.
/// </summary>
/// <param name="Key">Name of the registry value to read.</param>
/// <returns>
/// The unprotected value, or an empty string when the value does not exist or any step throws.
/// </returns>
private static string READ_SWELF_Reg_Key(string Key)
{
    try
    {
        if (CHECK_SWELF_Reg_Key_Exists(Key))
        {
            if (Crypto_Operation.CHECK_Value_Encrypted(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(Key))))
            {
                try
                {
                    return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(Key)));
                }
                catch (Exception e)
                {
                    // The value was stored as a string instead of a byte array: write it back
                    // through ADD_or_CHANGE_SWELF_Reg_Key, which protects it, then retry once.
                    // NOTE(review): this matches on English exception text and will not fire
                    // on a localized runtime.
                    if (e.Message.Contains("Unable to cast object of type 'System.String' to type 'System.Byte[]'."))
                    {
                        ADD_or_CHANGE_SWELF_Reg_Key(Key, (string)BASE_SWELF_KEY.GetValue(Key));
                    }
                    try
                    {
                        return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(Key)));
                    }
                    catch (Exception ex)
                    {
                        // The retry failure is dropped without logging.
                        return("");
                    }
                }
            }
            else
            {
                // Value not reported as encrypted: the same unprotect call is made, without a retry.
                return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(Key)));
            }
        }
        else
        {
            return("");
        }
    }
    catch (Exception e)
    {
        Error_Operation.Log_Error("READ_SWELF_Reg_Key()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Verbose);
        return("");
    }
}
/// <summary>
/// Creates the app config file, the event log ID placeholder file, the files-to-monitor
/// file and the directories-to-monitor file with default contents when they are missing.
/// </summary>
internal static void VERIFY_AppConfig_Default_Files_Ready()
{
    bool appConfigMissing = !CHECK_if_File_Exists(Settings.GET_AppConfigFile_Path);
    if (appConfigMissing)
    {
        CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.AppConfigFile_FileName, GET_Default_ConsoleAppConfig_File_Contents);
        Crypto_Operation.Secure_File(Settings.GET_AppConfigFile_Path);
    }

    // Event log ID placeholder file.
    bool placeHolderMissing = !CHECK_if_File_Exists(Settings.GET_EventLogID_PlaceHolder_Path);
    if (placeHolderMissing)
    {
        CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.EventLogID_PlaceHolde_FileName, GET_Default_Eventlog_with_PlaceKeeper_File_Contents);
        Crypto_Operation.Secure_File(Settings.GET_EventLogID_PlaceHolder_Path);
    }

    // NOTE(review): the two monitor lists below are created without a Secure_File call,
    // unlike the files above; confirm that is intended.
    bool filesToMonitorMissing = !CHECK_if_File_Exists(Settings.GET_FilesToMonitor_Path);
    if (filesToMonitorMissing)
    {
        CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.FilesToMonitor_FileName, @"#C:\MyCustomApp\LogFile.log");
    }

    bool directoriesToMonitorMissing = !CHECK_if_File_Exists(Settings.GET_DirectoriesToMonitor_Path);
    if (directoriesToMonitorMissing)
    {
        CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.DirectoriesToMonitor_FileName, @"#%SystemDrive%\inetpub\logs\LogFiles");
    }
}
/// <summary>
/// Loads every non-empty value under BASE_SWELF_KEY into the Settings.REG_Keys cache and
/// makes sure a Logs_Last_Sent value exists, creating it with the current time if not.
/// </summary>
internal static void READ_ALL_SWELF_Reg_Keys()
{
    string[] valueNames = BASE_SWELF_KEY.GetValueNames();
    foreach (string valueName in valueNames)
    {
        try
        {
            bool hasContent = !String.IsNullOrEmpty(BASE_SWELF_KEY.GetValue(valueName).ToString());
            if (hasContent)
            {
                Settings.REG_Keys.Add(valueName, READ_SWELF_Reg_Key(valueName));
            }
        }
        catch (Exception e)
        {
            // Any failure, including a name that is already cached, is logged and the loop continues.
            Error_Operation.Log_Error("READ_ALL_SWELF_Reg_Keys()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Verbose);
        }
    }

    if (!CHECK_SWELF_Reg_Key_Exists(REG_KEY.Logs_Last_Sent))
    {
        string Date = DateTime.Now.ToString();
        BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.Logs_Last_Sent], Crypto_Operation.Protect_Data_Value(Date));
        // NOTE(review): index 20 is presumably (int)REG_KEY.Logs_Last_Sent; confirm.
        Settings.REG_Keys.Add(SWELF_Keys[20], Date);
    }
}
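/// <summary>
/// Reads the whole text of a file. An encrypted file is passed to UnSecure_File before the
/// read and to Secure_File afterwards.
/// </summary>
/// <param name="FilePath">Path of the file to read.</param>
/// <returns>The file's text, or null when the file does not exist (the miss is logged).</returns>
internal static string READ_AllText(string FilePath)
{
    bool FIleExists = CHECK_if_File_Exists(FilePath);
    if (FIleExists == false)
    {
        Error_Operation.Log_Error("READ_AllText()", "File not found " + FilePath, "", Error_Operation.LogSeverity.Informataion);
        return null;
    }

    if (CHECK_File_Encrypted(FilePath) == false)
    {
        return File.ReadAllText(FilePath);
    }

    Crypto_Operation.UnSecure_File(FilePath);
    try
    {
        return File.ReadAllText(FilePath);
    }
    finally
    {
        // Re-secure even when the read throws, so a failed read does not leave the file unprotected.
        Crypto_Operation.Secure_File(FilePath);
    }
}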
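/// <summary>
/// Compares the SHA-256 hash of the central config file with the hash of the local copy.
/// The central hash comes from Settings.Central_Config_Hashs when cached; otherwise the file
/// is downloaded, kept in Central_Config_File_Web_Cache, hashed and cached.
/// </summary>
/// <param name="HTTP_File_Path">Address of the central config file.</param>
/// <param name="Local_File_Path">Path of the local config file.</param>
/// <returns>
/// True when both hashes are equal; false when they differ, the local file is missing,
/// or any step throws.
/// </returns>
/// <remarks>
/// The central hash is computed from the downloaded bytes themselves, so this detects that
/// the two copies differ; it does not prove the central copy is authentic.
/// </remarks>
internal static bool VERIFY_Central_File_Config_Hash(string HTTP_File_Path, string Local_File_Path)
{
    string HTTPFileHash;
    string LocalFileHash;
    try
    {
        ServicePointManager.Expect100Continue = true;
        // NOTE(review): revocation checking is off, so a revoked server certificate is still
        // accepted; enable it unless the deployment cannot reach CRL endpoints.
        ServicePointManager.CheckCertificateRevocationList = false;
        // TLS 1.2 only: SSL 3.0 and TLS 1.0/1.1 are deprecated and allow protocol downgrade.
        // This setting is process-wide.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        using (CustomWebClient response = new CustomWebClient())
        {
            if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path))
            {
                // Cached hash for this address.
                HTTPFileHash = Settings.Central_Config_Hashs[HTTP_File_Path];
            }
            else
            {
                // No cached hash: download the file and hash its text.
                Uri uri = new Uri(HTTP_File_Path);
                Central_Config_File_Web_Cache = Crypto_Operation.CONVERT_To_String_From_Bytes(response.DownloadData(uri), 2);
                using (var sha256 = SHA256.Create())
                {
                    HTTPFileHash = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(Central_Config_File_Web_Cache)));
                }
                if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path) == false)
                {
                    Settings.Central_Config_Hashs.Add(HTTP_File_Path, HTTPFileHash);
                }
            }

            if (File_Operation.CHECK_if_File_Exists(Local_File_Path) == false)
            {
                return false; // no local file
            }

            using (var sha2562 = SHA256.Create())
            {
                LocalFileHash = BitConverter.ToString(sha2562.ComputeHash(Encoding.UTF8.GetBytes(File_Operation.READ_AllText(Local_File_Path))));
            }

            return HTTPFileHash == LocalFileHash;
        }
    }
    catch (Exception e)
    {
        // Timeouts and DNS failures are logged only at the informational/verbose levels;
        // every other error is always logged.
        bool isNetworkOutage = e.Message.Contains("The operation has timed out") || e.Message.Contains("The remote name could not be resolved: ");
        if (!isNetworkOutage
            || Settings.Logging_Level_To_Report.ToLower() == "informataion"
            || Settings.Logging_Level_To_Report.ToLower() == "verbose")
        {
            Error_Operation.Log_Error("VERIFY_Central_File_Config_Hash()", e.Message.ToString() + " " + HTTP_File_Path + " " + Local_File_Path, e.StackTrace.ToString(), Error_Operation.LogSeverity.Informataion);
        }
        return false;
    }
    finally
    {
        // NOTE(review): Wclient is not used in this method; confirm later callers do not
        // need it after it is disposed here.
        Wclient.Dispose();
    }
}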
/// <summary>
/// Reports whether a SWELF registry value exists, using the Settings.REG_Keys cache when it
/// holds more than one entry and BASE_SWELF_KEY otherwise.
/// </summary>
/// <param name="Key">Registry value to look for.</param>
/// <returns>
/// True when the value is cached or non-empty in the registry. When the lookup throws, false
/// is returned after logging, except for logging_level, which is written with the current
/// logging level and reported as present.
/// </returns>
internal static bool CHECK_SWELF_Reg_Key_Exists(REG_KEY Key)
{
    try
    {
        if (Settings.REG_Keys.Count > 1)
        {
            return Settings.REG_Keys.ContainsKey(SWELF_Keys[(int)Key].ToString());
        }

        // A missing value makes GetValue(...).ToString() throw, which lands in the catch below.
        return !String.IsNullOrEmpty(BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key]).ToString());
    }
    catch (Exception e)
    {
        if (Key == REG_KEY.logging_level)
        {
            // Self-heal: store the current logging level and treat the value as present.
            BASE_SWELF_KEY.SetValue(SWELF_Keys[(int)REG_KEY.logging_level].ToString(), Crypto_Operation.Protect_Data_Value(Settings.Logging_Level_To_Report));
            return true;
        }

        Error_Operation.Log_Error("CHECK_SWELF_Reg_Key_Exists()", e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Verbose);
        return false;
    }
}
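/// <summary>
/// Encodes a string as Base64 after converting it with Crypto_Operation.CONVERT_To_ASCII_Bytes.
/// </summary>
/// <param name="plainText">Text to encode.</param>
/// <returns>The Base64 form of the converted bytes, without line breaks.</returns>
/// <remarks>Base64 is an encoding, not encryption; the output gives no confidentiality.</remarks>
internal static string Base64Encode(string plainText)
{
    // Encode the text itself. Calling ToString() on the char array yields the type name
    // "System.Char[]" rather than the characters, so every input encoded to the same output.
    byte[] plainTextBytes = Crypto_Operation.CONVERT_To_ASCII_Bytes(plainText);
    return System.Convert.ToBase64String(plainTextBytes, Base64FormattingOptions.None);
}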
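/// <summary>
/// Compares the SHA-256 hash of the central config file with the hash of config text held
/// in the registry. The central hash comes from Settings.Central_Config_Hashs when cached;
/// otherwise the file is downloaded, kept in Central_Config_File_Web_Cache, hashed and cached.
/// Sets Connection_Successful to reflect whether the check completed without an exception.
/// </summary>
/// <param name="HTTP_File_Path">Address of the central config file.</param>
/// <param name="RegContents">Config text read from the registry.</param>
/// <returns>True when both hashes are equal; false when they differ or any step throws.</returns>
/// <remarks>
/// The central hash is computed from the downloaded bytes themselves, so this detects that
/// the two copies differ; it does not prove the central copy is authentic.
/// </remarks>
internal static bool VERIFY_Central_Reg_Config_Hash(string HTTP_File_Path, string RegContents)
{
    string HTTPFileHash;
    string LocalFileHash;
    try
    {
        // NOTE(review): this request object is configured but never sent; the download below
        // goes through CustomWebClient, so the redirect and timeout settings here do not
        // apply to it unless CustomWebClient sets them itself.
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(HTTP_File_Path);
        request.AllowAutoRedirect = false;
        request.UnsafeAuthenticatedConnectionSharing = false;
        request.Timeout = 150000;

        ServicePointManager.Expect100Continue = true;
        // NOTE(review): revocation checking is off, so a revoked server certificate is still
        // accepted; enable it unless the deployment cannot reach CRL endpoints.
        ServicePointManager.CheckCertificateRevocationList = false;
        // TLS 1.2 only: SSL 3.0 and TLS 1.0/1.1 are deprecated and allow protocol downgrade.
        // This setting is process-wide.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        using (CustomWebClient response = new CustomWebClient())
        {
            if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path))
            {
                // Cached hash for this address.
                HTTPFileHash = Settings.Central_Config_Hashs[HTTP_File_Path];
            }
            else
            {
                // No cached hash: download the file and hash its text.
                Uri uri = new Uri(HTTP_File_Path);
                Central_Config_File_Web_Cache = Crypto_Operation.CONVERT_To_String_From_Bytes(response.DownloadData(uri), 2);
                using (var sha256 = SHA256.Create())
                {
                    HTTPFileHash = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(Central_Config_File_Web_Cache)));
                }
                if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path) == false)
                {
                    Settings.Central_Config_Hashs.Add(HTTP_File_Path, HTTPFileHash);
                }
            }

            using (var sha2562 = SHA256.Create())
            {
                LocalFileHash = BitConverter.ToString(sha2562.ComputeHash(Encoding.UTF8.GetBytes(RegContents)));
            }

            Connection_Successful = true;
            return HTTPFileHash == LocalFileHash;
        }
    }
    catch (Exception e)
    {
        Connection_Successful = false;
        if (e.Message.Contains("has timed out") == false && e.Message.Contains("The remote name could not be resolved: ") == false)
        {
            Error_Operation.Log_Error("VERIFY_Central_File_Config_Hash()", e.Message.ToString() + " " + HTTP_File_Path + " ", e.StackTrace.ToString(), Error_Operation.LogSeverity.Informataion);
        }
        else if ((e.Message.Contains("The operation has timed out") || e.Message.Contains("The remote name could not be resolved: ")))
        {
            // Network outage: written to the error log only.
            Error_Operation.WRITE_Errors_To_Log("VERIFY_Central_File_Config_Hash()", "Network unavaiulable for SWELF." + e.Message.ToString() + " " + HTTP_File_Path + " ", Error_Operation.LogSeverity.Informataion);
        }
        return false;
    }
    finally
    {
        // NOTE(review): Wclient is not used in this method; confirm later callers do not
        // need it after it is disposed here.
        Wclient.Dispose();
    }
}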
/// <summary>
/// Reads a SWELF registry value, from the Settings.REG_Keys cache when it holds more than one
/// entry and otherwise from BASE_SWELF_KEY, and returns it unprotected.
/// </summary>
/// <param name="Key">Registry value to read.</param>
/// <param name="Log_Error">When true, a missing value or a failure in the fallback path is logged.</param>
/// <returns>The value, or an empty string when it is not found or cannot be read.</returns>
internal static string READ_SWELF_Reg_Key(REG_KEY Key, bool Log_Error = true)
{
    try
    {
        if (Settings.REG_Keys.Count > 1)
        {
            // Cache in use: answer from it only.
            if (Settings.REG_Keys.ContainsKey(SWELF_Keys[(int)Key].ToString()))
            {
                return(Settings.REG_Keys[SWELF_Keys[(int)Key]].ToString());
            }
            else
            {
                return("");
            }
        }
        else
        {
            if (CHECK_SWELF_Reg_Key_Exists(Key))
            {
                if (Crypto_Operation.CHECK_Value_Encrypted(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key]))))
                {
                    try
                    {
                        return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                    }
                    catch (Exception e)
                    {
                        // NOTE(review): on an unprotect failure the value passed to
                        // ADD_or_CHANGE_SWELF_Reg_Key is the key's own name, so the stored
                        // setting appears to be replaced by that name; confirm this is intended.
                        ADD_or_CHANGE_SWELF_Reg_Key(Key, SWELF_Keys[(int)Key]);
                        return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                    }
                }
                else
                {
                    // NOTE(review): for a value not reported as encrypted, what is written
                    // back is derived from the key's name, not from the stored value; confirm.
                    ADD_or_CHANGE_SWELF_Reg_Key(Key, Crypto_Operation.CONVERT_To_String_From_Bytes(Crypto_Operation.Protect_Data_Value(SWELF_Keys[(int)Key].ToString()), 1));
                    return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                }
            }
            else
            {
                return("");
            }
        }
    }
    catch
    {
        // Fallback: any exception above leads to one more attempt straight against the
        // registry, skipping the cache. The first exception itself is not logged.
        try
        {
            if (CHECK_SWELF_Reg_Key_Exists(Key))
            {
                if (Crypto_Operation.CHECK_Value_Encrypted(Crypto_Operation.ObjectToByteArray(BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key]))))
                {
                    try
                    {
                        return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                    }
                    catch (Exception e)
                    {
                        ADD_or_CHANGE_SWELF_Reg_Key(Key, SWELF_Keys[(int)Key]);
                        return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                    }
                }
                else
                {
                    ADD_or_CHANGE_SWELF_Reg_Key(Key, Crypto_Operation.CONVERT_To_String_From_Bytes(Crypto_Operation.Protect_Data_Value(SWELF_Keys[(int)Key].ToString()), 1));
                    return(Crypto_Operation.UnProtect_Data_Value((byte[])BASE_SWELF_KEY.GetValue(SWELF_Keys[(int)Key])));
                }
            }
            else
            {
                if (Log_Error)
                {
                    Error_Operation.Log_Error("CHANGE_Reg_Key()", "Reg Key does not exist. RegKey=" + Key, "", Error_Operation.LogSeverity.Warning);
                }
                return("");
            }
        }
        catch (Exception e)
        {
            if (Log_Error)
            {
                Error_Operation.Log_Error("CHANGE_Reg_Key()", "Reg Key does not exist. RegKey=" + Key + ". " + e.Message.ToString(), e.StackTrace.ToString(), Error_Operation.LogSeverity.Warning);
            }
            return("");
        }
    }
}
/// <summary>
/// Stores a value under BASE_SWELF_KEY after passing it through Crypto_Operation.Protect_Data_Value.
/// </summary>
/// <param name="Key">Name of the registry value to create or overwrite.</param>
/// <param name="Value">Plain value to protect and store.</param>
internal static void ADD_or_CHANGE_SWELF_Reg_Key(string Key, string Value)
{
    var protectedValue = Crypto_Operation.Protect_Data_Value(Value);
    BASE_SWELF_KEY.SetValue(Key, protectedValue);
}
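/// <summary>
/// Compares the SHA-256 hash of the central config file with the hash of the local copy.
/// The central hash comes from Settings.Central_Config_Hashs when cached; otherwise the file
/// is downloaded, kept in Central_Config_File_Web_Cache, hashed and cached.
/// </summary>
/// <param name="HTTP_File_Path">Address of the central config file.</param>
/// <param name="Local_File_Path">Path of the local config file.</param>
/// <returns>
/// True when both hashes are equal; false when they differ, the local file is missing,
/// or any step throws.
/// </returns>
/// <remarks>
/// The central hash is computed from the downloaded bytes themselves, so this detects that
/// the two copies differ; it does not prove the central copy is authentic.
/// </remarks>
internal static bool VERIFY_Central_File_Config_Hash(string HTTP_File_Path, string Local_File_Path)
{
    string HTTPFileHash;
    string LocalFileHash;
    try
    {
        // NOTE(review): this request object is configured but never sent; the download below
        // goes through CustomWebClient, so the redirect and timeout settings here do not
        // apply to it unless CustomWebClient sets them itself.
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create(HTTP_File_Path);
        request.AllowAutoRedirect = false;
        request.UnsafeAuthenticatedConnectionSharing = false;
        request.Timeout = 150000;

        ServicePointManager.Expect100Continue = true;
        // NOTE(review): revocation checking is off, so a revoked server certificate is still
        // accepted; enable it unless the deployment cannot reach CRL endpoints.
        ServicePointManager.CheckCertificateRevocationList = false;
        // TLS 1.2 only: SSL 3.0 and TLS 1.0/1.1 are deprecated and allow protocol downgrade.
        // This setting is process-wide.
        ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
        using (CustomWebClient response = new CustomWebClient())
        {
            if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path))
            {
                // Cached hash for this address.
                HTTPFileHash = Settings.Central_Config_Hashs[HTTP_File_Path];
            }
            else
            {
                // No cached hash: download the file and hash its text.
                Central_Config_File_Web_Cache = Crypto_Operation.CONVERT_To_String_From_Bytes(response.DownloadData(HTTP_File_Path), 2);
                using (var sha256 = SHA256.Create())
                {
                    HTTPFileHash = BitConverter.ToString(sha256.ComputeHash(Encoding.UTF8.GetBytes(Central_Config_File_Web_Cache)));
                }
                if (Settings.Central_Config_Hashs.ContainsKey(HTTP_File_Path) == false)
                {
                    Settings.Central_Config_Hashs.Add(HTTP_File_Path, HTTPFileHash);
                }
            }

            if (File_Operation.CHECK_if_File_Exists(Local_File_Path) == false)
            {
                return false; // no local file
            }

            using (var sha2562 = SHA256.Create())
            {
                LocalFileHash = BitConverter.ToString(sha2562.ComputeHash(Encoding.UTF8.GetBytes(File_Operation.READ_AllText(Local_File_Path))));
            }

            return HTTPFileHash == LocalFileHash;
        }
    }
    catch (Exception e)
    {
        Error_Operation.WRITE_Errors_To_Log("VERIFY_Central_File_Config_Hash()", e.Message.ToString() + " " + HTTP_File_Path + " " + Local_File_Path, Error_Operation.LogSeverity.Informataion);
        return false;
    }
    finally
    {
        // NOTE(review): Wclient is not used in this method; confirm later callers do not
        // need it after it is disposed here.
        Wclient.Dispose();
    }
}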
/// <summary>
/// Formats an event log entry with GET_Log_Output_Format and converts the result with
/// Crypto_Operation.CONVERT_To_UTF8_Bytes.
/// </summary>
/// <param name="Data">Entry to format.</param>
/// <returns>The bytes of the formatted entry.</returns>
private static byte[] GET_Encoding_to_Return(EventLog_Entry Data)
{
    var formattedEntry = GET_Log_Output_Format(Data);
    return Crypto_Operation.CONVERT_To_UTF8_Bytes(formattedEntry);
}
/// <summary>
/// Handles a config file whose path matches one of the known SWELF config files: writes a
/// failure-audit event and recreates the file. Only the app config and search terms branches
/// first compare the file with the registry copy; the other branches reset unconditionally.
/// A path that matches none of the known files is reported through LOG_SEC_CHECK_Fail.
/// </summary>
/// <param name="Settings_FilePath">Path of the config file to check.</param>
internal static void CHECK_Reg_vs_File_Config(string Settings_FilePath)
{
    if (Settings.GET_AppConfigFile_Path == Settings_FilePath)//App config
    {
        if (CHECK_File_vs_Reg_Contents(Settings_FilePath, Reg_Operation.REG_KEY.ConsoleAppConfig_Contents) == false)
        {
            EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The app config file(ConsoleAppConfig.conf) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
            // NOTE(review): these two branches look swapped. When the registry copy exists the
            // file is rebuilt from defaults; when it does not exist the file is rebuilt from
            // the registry read. Confirm the intended direction.
            if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents))
            {
                File_Operation.DELETE_AND_CREATE_File(Settings.GET_AppConfigFile_Path);
                File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.AppConfigFile_FileName, File_Operation.GET_Default_ConsoleAppConfig_File_Contents);
            }
            else
            {
                File_Operation.DELETE_AND_CREATE_File(Settings.GET_AppConfigFile_Path);
                File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.AppConfigFile_FileName, Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents));
                // Store the contents of the rebuilt file as the new registry copy.
                Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents, Crypto_Operation.Decrypt_File_Contents(Settings.GET_AppConfigFile_Path));
            }
        }
    }
    else if (Settings.GET_EventLogID_PlaceHolder_Path == Settings_FilePath)//Event log ID placeholder
    {
        // No comparison is made in this branch: the audit event is always written.
        EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The file that tracks the event id of an eventlog config file (Eventlog_with_PlaceKeeper.txt) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
        File_Operation.DELETE_AND_CREATE_File(Settings.GET_EventLogID_PlaceHolder_Path);
        // NOTE(review): the file recreated here uses the app config file name and the app
        // config defaults, not the placeholder's; looks like a copy-paste slip, confirm.
        File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Config_File_Location, Settings.AppConfigFile_FileName, File_Operation.GET_Default_ConsoleAppConfig_File_Contents);
    }
    else if (Settings.GET_SearchTermsFile_Path == Settings_FilePath)//Search terms file
    {
        if (CHECK_File_vs_Reg_Contents(Settings_FilePath, Reg_Operation.REG_KEY.SearchTerms_File_Contents) == false)
        {
            EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The Search term file (Searchs.txt) config file did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
            File_Operation.DELETE_AND_CREATE_File(Settings.GET_SearchTermsFile_Path);
            // NOTE(review): the search terms file is refilled with the event log placeholder
            // defaults rather than search defaults; confirm.
            File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Search_File_Location, Settings.SearchTermsFileName_FileName, File_Operation.GET_Default_Eventlog_with_PlaceKeeper_File_Contents);
        }
    }
    else if (Settings.GET_WhiteList_SearchTermsFile_Path == Settings_FilePath)//Search whitelist
    {
        // No comparison is made in this branch: the audit event is always written.
        EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The white list search terms file (WhiteList_Searchs.txt) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
        File_Operation.DELETE_AND_CREATE_File(Settings.GET_WhiteList_SearchTermsFile_Path);
        File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Search_File_Location, Settings.Search_WhiteList_FileName, File_Operation.GET_Default_Whitelist_File_Contents);
    }
    else if (Settings.GET_SearchTermsFile_PLUGIN_Path == Settings_FilePath)//Plugin search terms
    {
        // No comparison is made in this branch: the audit event is always written.
        EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The Plugin config file (Search.txt in the Plugins Folder) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
        File_Operation.DELETE_AND_CREATE_File(Settings.GET_SearchTermsFile_PLUGIN_Path);
        File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Plugin_Files_Location, Settings.SearchTermsFileName_FileName, File_Operation.GET_Default_Powershell_Plugins_File_Contents);
    }
    else if (Settings.GET_WhiteList_SearchTermsFile_PLUGIN_Path == Settings_FilePath)//Plugin whitelist
    {
        // No comparison is made in this branch: the audit event is always written.
        EventLog_SWELF.WRITE_FailureAudit_Error_To_EventLog("CHECK_Reg_vs_File_Config() The Plugin config file (WhiteList_Searchs.txt in the Plugins Folder) did not match what was stored in the registry on this machine. Config File was " + Settings_FilePath);
        File_Operation.DELETE_AND_CREATE_File(Settings.GET_WhiteList_SearchTermsFile_PLUGIN_Path);
        File_Operation.CREATE_NEW_Files_And_Dirs(Settings.Plugin_Files_Location, Settings.Search_WhiteList_FileName, File_Operation.GET_Default_Whitelist_File_Contents);
    }
    else
    {
        // Path is not one of the known config files.
        LOG_SEC_CHECK_Fail("CHECK_Reg_vs_File_Config() File Path:" + Settings_FilePath + " did not match encrypted config file path");
    }
}