public bool Analyze(HealthcheckData healthcheckData, ICollection <DomainKey> AllowedMigrationDomains)
{
bool hasTheRuleMatched = false;
// PingCastle 2.5
Points = 0;
int?valueReturnedByAnalysis = AnalyzeDataNew(healthcheckData, AllowedMigrationDomains);
if (valueReturnedByAnalysis == null)
{
valueReturnedByAnalysis = 0;
if (Details != null)
{
valueReturnedByAnalysis = Details.Count;
}
}
foreach (var computation in RuleComputation)
{
int points = 0;
if (computation.HasMatch((int)valueReturnedByAnalysis, ref points))
{
hasTheRuleMatched = true;
Points = points;
if (DetailRationale != null)
{
Rationale = DetailRationale;
Rationale = Rationale.Replace("{count}", valueReturnedByAnalysis.ToString());
Rationale = Rationale.Replace("{threshold}", computation.Threshold.ToString());
}
break;
}
}
return(hasTheRuleMatched);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
foreach (HealthcheckCertificateData data in healthcheckData.TrustedCertificates)
{
X509Certificate2 cert = new X509Certificate2(data.Certificate);
RSA key = null;
try
{
key = cert.PublicKey.Key as RSA;
}
catch (Exception)
{
Trace.WriteLine("Non RSA key detected in certificate");
}
if (key != null)
{
RSAParameters rsaparams = key.ExportParameters(false);
{
if (rsaparams.Modulus.Length * 8 < 1024)
{
Trace.WriteLine("Modulus len = " + rsaparams.Exponent.Length * 8);
AddRawDetail(data.Source, cert.Subject, rsaparams.Exponent.Length * 8);
}
}
}
}
return(null);
}
private BotInputOutput ToHtml(BotInputOutput input)
{
try
{
var xml = GetItem(input, "Report");
using (var ms = new MemoryStream(UnicodeEncoding.UTF8.GetBytes(xml)))
{
HealthcheckData healthcheckData = DataHelper <HealthcheckData> .LoadXml(ms, "bot", null);
var endUserReportGenerator = PingCastleFactory.GetEndUserReportGenerator <HealthcheckData>();
var license = LicenseManager.Validate(typeof(Program), new Program()) as ADHealthCheckingLicense;
var report = endUserReportGenerator.GenerateReportFile(healthcheckData, license, healthcheckData.GetHumanReadableFileName());
var o = new BotInputOutput();
o.Data = new List <BotData>();
AddData(o, "Status", "OK");
AddData(o, "Report", report);
return(o);
}
}
catch (Exception ex)
{
Console.WriteLine("Exception:" + ex.Message);
Console.WriteLine("StackTrace:" + ex.StackTrace);
return(ExceptionOutput("Exception during the job " + ex.Message, ex.StackTrace));
}
}
public bool RegenerateHtmlTask()
{
return(StartTask("Regenerate html report",
() =>
{
if (!File.Exists(FileOrDirectory))
{
WriteInRed("The file " + FileOrDirectory + " doesn't exist");
return;
}
if (FileOrDirectory.StartsWith("ad_cg_"))
{
CompromiseGraphData data = DataHelper <CompromiseGraphData> .LoadXml(FileOrDirectory);
HealthCheckReportCompromiseGraph report = new HealthCheckReportCompromiseGraph(data, License);
report.GenerateReportFile("ad_cg_" + data.DomainFQDN + ".html");
}
else
{
HealthcheckData healthcheckData = DataHelper <HealthcheckData> .LoadXml(FileOrDirectory);
HealthCheckReportSingle report = new HealthCheckReportSingle(healthcheckData, License);
report.GenerateReportFile("ad_hc_" + healthcheckData.DomainFQDN + ".html");
}
}
));
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
int count = 0;
if (healthcheckData.UserAccountData != null && healthcheckData.UserAccountData.ListDomainSidHistory != null &&
healthcheckData.UserAccountData.ListDomainSidHistory.Count > 0)
{
foreach (HealthcheckSIDHistoryData data in healthcheckData.UserAccountData.ListDomainSidHistory)
{
if (data.DomainSid == healthcheckData.DomainSid)
{
count += data.Count;
}
}
}
if (healthcheckData.ComputerAccountData != null && healthcheckData.ComputerAccountData.ListDomainSidHistory != null &&
healthcheckData.ComputerAccountData.ListDomainSidHistory.Count > 0)
{
foreach (HealthcheckSIDHistoryData data in healthcheckData.ComputerAccountData.ListDomainSidHistory)
{
if (data.DomainSid == healthcheckData.DomainSid)
{
count += data.Count;
}
}
}
return(count);
}
public static HealthcheckDataHistoryCollection LoadHistory(string Xmls, DateTime maxfiltervalue)
{
var output = new HealthcheckDataHistoryCollection();
int files = 0;
foreach (string filename in Directory.GetFiles(Xmls, "*.xml", SearchOption.AllDirectories))
{
try
{
files++;
HealthcheckData healthcheckData = DataHelper <HealthcheckData> .LoadXml(filename);
// taking the more recent report
if (healthcheckData.GenerationDate > maxfiltervalue)
{
Trace.WriteLine("File " + filename + " ignored because generation date " + healthcheckData.GenerationDate.ToString("u") + " is after the consolidation date " + maxfiltervalue.ToString("u"));
continue;
}
output.Add(healthcheckData);
}
catch (Exception ex)
{
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine("Unable to load the file " + filename + " (" + ex.Message + ")");
Console.ResetColor();
Trace.WriteLine("Unable to load the file " + filename + " (" + ex.Message + ")");
Trace.WriteLine(ex.StackTrace);
}
}
Console.WriteLine("Reports loaded: " + output.Count + " - on a total of " + files + " valid files");
return(output);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.DsHeuristicsAnonymousAccess)
{
return(1);
}
return(0);
}
protected virtual int?AnalyzeDataNew(HealthcheckData healthcheckData, ICollection <DomainKey> AllowedMigrationDomains)
{
if (AllowedMigrationDomains == null)
{
return(AnalyzeDataNew(healthcheckData));
}
throw new NotImplementedException();
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.DomainCreation.AddDays(35) < healthcheckData.GenerationDate)
{
return(100);
}
return((int)(healthcheckData.GenerationDate - healthcheckData.AdminLastLoginDate).TotalDays);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.SchemaVersion < 69)
{
return(1);
}
return(0);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
foreach (var pass in healthcheckData.GPPPassword)
{
AddRawDetail(pass.GPOName, pass.UserName, pass.Password);
}
return(null);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.PreWindows2000AnonymousAccess)
{
return(1);
}
return(0);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.SIDHistoryAuditingGroupPresent)
{
return(1);
}
return(0);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData, ICollection <DomainKey> SourceDomains)
{
Dictionary <string, int> domainList = new Dictionary <string, int>();
if (healthcheckData.UserAccountData != null && healthcheckData.UserAccountData.ListDomainSidHistory != null &&
healthcheckData.UserAccountData.ListDomainSidHistory.Count > 0)
{
foreach (HealthcheckSIDHistoryData data in healthcheckData.UserAccountData.ListDomainSidHistory)
{
// avoid unknown domain && same domain anomaly which is checked elsewhere
if (!data.FriendlyName.StartsWith("S-1-5-21", StringComparison.InvariantCultureIgnoreCase) &&
data.FriendlyName != healthcheckData.DomainFQDN)
{
if (SourceDomains == null || !SourceDomains.Contains(data.Domain))
{
if (!domainList.ContainsKey(data.DomainSid))
{
domainList.Add(data.DomainSid, data.Count);
}
else
{
domainList[data.DomainSid] += data.Count;
}
}
}
}
}
if (healthcheckData.ComputerAccountData != null && healthcheckData.ComputerAccountData.ListDomainSidHistory != null &&
healthcheckData.ComputerAccountData.ListDomainSidHistory.Count > 0)
{
foreach (HealthcheckSIDHistoryData data in healthcheckData.ComputerAccountData.ListDomainSidHistory)
{
if (!data.FriendlyName.StartsWith("S-1-5-21", StringComparison.InvariantCultureIgnoreCase) &&
data.FriendlyName != healthcheckData.DomainFQDN)
{
if (SourceDomains == null || !SourceDomains.Contains(data.Domain))
{
if (!domainList.ContainsKey(data.DomainSid))
{
domainList.Add(data.DomainSid, data.Count);
}
else
{
domainList[data.DomainSid] += data.Count;
}
}
}
}
}
if (domainList.Count > 0)
{
foreach (string domain in domainList.Keys)
{
AddRawDetail(domain, domainList[domain]);
}
}
return(null);
}
static string BuildStatJson(HealthcheckData Report, ADHealthCheckingLicense license, bool shareStat)
{
var sb = new StringBuilder();
sb.Append("{");
sb.Append("\"generation\":\"");
sb.Append(Report.GenerationDate.ToString("u"));
sb.Append("\"");
sb.Append(",\"version\":\"");
sb.Append(Report.version.ToString());
sb.Append("\"");
sb.Append(",\"users\":");
sb.Append(Report.UserAccountData.NumberActive);
sb.Append(",\"computers\":");
sb.Append(Report.ComputerAccountData.NumberActive);
sb.Append(",\"score\":");
sb.Append(Report.GlobalScore);
sb.Append(",\"anomaly\":");
sb.Append(Report.AnomalyScore);
sb.Append(",\"staledobjects\":");
sb.Append(Report.StaleObjectsScore);
sb.Append(",\"trust\":");
sb.Append(Report.TrustScore);
sb.Append(",\"privilegedGroup\":");
sb.Append(Report.PrivilegiedGroupScore);
sb.Append(",\"maturityLevel\":");
sb.Append(Report.MaturityLevel);
sb.Append(",\"rules\":\"");
if (Report.RiskRules != null)
{
bool first = true;
foreach (var rule in Report.RiskRules)
{
if (!first)
{
sb.Append(",");
}
sb.Append(rule.RiskId);
first = false;
}
}
sb.Append("\"");
if (string.IsNullOrEmpty(license.Edition) || string.Equals(license.Edition, "Basic", StringComparison.OrdinalIgnoreCase) || shareStat)
{
sb.Append(",\"id\":\"");
using (SHA256 hashstring = SHA256.Create())
{
sb.Append(Convert.ToBase64String(hashstring.ComputeHash(Encoding.UTF8.GetBytes(Report.DomainFQDN.ToLowerInvariant() + Report.DomainSid.ToUpperInvariant()))));
}
sb.Append("\"");
}
sb.Append("}");
return(sb.ToString());
}
public static Dictionary <string, string> GetData(HealthcheckData report, ADHealthCheckingLicense license, bool shareStat = false)
{
var json = BuildStatJson(report, license, true);
return(new Dictionary <string, string>()
{
{ "license", license.LicenseKey },
{ "json", json },
{ "signature", SignatureStatJson(license, json) },
});
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
foreach (HealthcheckDelegationData delegation in healthcheckData.Delegations)
{
if (delegation.Right.Contains("EXT_RIGHT_REANIMATE_TOMBSTONE") || delegation.Right.Contains("EXT_RIGHT_UNEXPIRE_PASSWORD") || delegation.Right.Contains("EXT_RIGHT_MIGRATE_SID_HISTORY"))
{
AddRawDetail(delegation.DistinguishedName, delegation.Account, delegation.Right);
}
}
return(null);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
foreach (HealthCheckTrustData trust in healthcheckData.Trusts)
{
if (!trust.IsActive)
{
AddRawDetail(trust.TrustPartner);
}
}
return(null);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
foreach (GPOMembership membership in healthcheckData.GPOLocalMembership)
{
if (membership.User == "Authenticated Users" || membership.User == "Everyone")
{
AddRawDetail(membership.GPOName, membership.MemberOf, membership.User);
}
}
return(null);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
foreach (HealthcheckDelegationData delegation in healthcheckData.Delegations)
{
if (delegation.Account == "Authenticated Users" || delegation.Account == "Everyone")
{
AddRawDetail(delegation.DistinguishedName, delegation.Account, delegation.Right);
}
}
return(null);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
foreach (HealthcheckOSData os in healthcheckData.OperatingSystem)
{
if (os.OperatingSystem == "Windows 2003")
{
return(os.NumberOfOccurence);
}
}
return(0);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
foreach (HealthcheckDelegationData delegation in healthcheckData.Delegations)
{
if (delegation.Account.StartsWith("S-1-", StringComparison.InvariantCultureIgnoreCase))
{
AddRawDetail(delegation.DistinguishedName, delegation.Account, delegation.Right);
}
}
return(null);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.ComputerAccountData.NumberActive <= 20)
{
return(0);
}
if (healthcheckData.ComputerAccountData.Number == 0)
{
return(0);
}
return(100 * healthcheckData.ComputerAccountData.NumberInactive / healthcheckData.ComputerAccountData.Number);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.LastADBackup < DateTime.MaxValue)
{
return((int)(healthcheckData.GenerationDate - healthcheckData.LastADBackup).TotalDays);
}
else if (healthcheckData.LastADBackup == DateTime.MaxValue)
{
return((int)(healthcheckData.GenerationDate - healthcheckData.DomainCreation).TotalDays);
}
return(0);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.UserAccountData.NumberActive <= 100)
{
return(0);
}
if (healthcheckData.AllPrivilegedMembers.Count == 0)
{
return(0);
}
return(healthcheckData.AllPrivilegedMembers.Count * 100 / healthcheckData.UserAccountData.NumberActive);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
int adminCanBeDelegated = 0;
foreach (var member in healthcheckData.AllPrivilegedMembers)
{
if (member.CanBeDelegated)
{
adminCanBeDelegated++;
}
}
return(adminCanBeDelegated);
}
public static PingCastleReportCollection <HealthcheckData> TransformReportsToDemo(PingCastleReportCollection <HealthcheckData> consolidation)
{
string rotKey = GenerateRandomRotKey();
var output = new PingCastleReportCollection <HealthcheckData>();
foreach (HealthcheckData data in consolidation)
{
HealthcheckData demoreport = TransformReportToDemo(rotKey, data);
output.Add(demoreport);
}
return(output);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
int w2000 = 0;
foreach (var dc in healthcheckData.DomainControllers)
{
if (dc.OperatingSystem == "Windows 2000")
{
w2000++;
}
}
return(w2000);
}
public static HealthcheckDataCollection TransformReportsToDemo(HealthcheckDataCollection consolidation)
{
string rotKey = GenerateRandomRotKey();
HealthcheckDataCollection output = new HealthcheckDataCollection();
foreach (HealthcheckData data in consolidation)
{
HealthcheckData demoreport = TransformReportToDemo(rotKey, data);
output.Add(demoreport);
}
return(output);
}
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData)
{
if (healthcheckData.DomainControllers != null)
{
foreach (var DC in healthcheckData.DomainControllers)
{
if (DC.HasNullSession)
{
AddRawDetail(DC.DCName);
}
}
}
return(null);
}
