public bool SetAuditPolicy(Auditing audit)
{
try
{
AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);
switch (audit)
{
case Auditing.All: pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success | AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure; break;
case Auditing.Blocked: pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure; break;
case Auditing.Allowed: pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success; break;
case Auditing.Off: pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.None; break;
}
TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME);
// Note: without SeSecurityPrivilege this fails silently
AuditPolicy.SetSystemPolicy(pol);
TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
}
catch (Exception err)
{
AppLog.Exception(err);
return(false);
}
return(true);
}
public bool SetAuditPolicy(bool audit)
{
try
{
AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);
if (audit)
{
pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success;
}
else
{
pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.None;
}
TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME);
// Note: without SeSecurityPrivilege this fails silently
AuditPolicy.SetSystemPolicy(pol);
TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
}
catch (Exception err)
{
AppLog.Exception(err);
return(false);
}
return(true);
}
public bool HasAuditPolicy()
{
try
{
AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);
if ((pol.AuditingInformation & AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0)
{
return(true);
}
}
catch (Exception err)
{
AppLog.Exception(err);
}
return(false);
}
public Auditing GetAuditPolicy()
{
try
{
AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);
if ((pol.AuditingInformation & AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0 && (pol.AuditingInformation & AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure) != 0)
{
return(Auditing.All);
}
if ((pol.AuditingInformation & AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success) != 0)
{
return(Auditing.Allowed);
}
if ((pol.AuditingInformation & AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure) != 0)
{
return(Auditing.Blocked);
}
}
catch (Exception err)
{
AppLog.Exception(err);
}
return(Auditing.Off);
}
