public bool Analyze(HealthcheckData healthcheckData, ICollection <DomainKey> AllowedMigrationDomains) { bool hasTheRuleMatched = false; // PingCastle 2.5 Points = 0; int?valueReturnedByAnalysis = AnalyzeDataNew(healthcheckData, AllowedMigrationDomains); if (valueReturnedByAnalysis == null) { valueReturnedByAnalysis = 0; if (Details != null) { valueReturnedByAnalysis = Details.Count; } } foreach (var computation in RuleComputation) { int points = 0; if (computation.HasMatch((int)valueReturnedByAnalysis, ref points)) { hasTheRuleMatched = true; Points = points; if (DetailRationale != null) { Rationale = DetailRationale; Rationale = Rationale.Replace("{count}", valueReturnedByAnalysis.ToString()); Rationale = Rationale.Replace("{threshold}", computation.Threshold.ToString()); } break; } } return(hasTheRuleMatched); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { foreach (HealthcheckCertificateData data in healthcheckData.TrustedCertificates) { X509Certificate2 cert = new X509Certificate2(data.Certificate); RSA key = null; try { key = cert.PublicKey.Key as RSA; } catch (Exception) { Trace.WriteLine("Non RSA key detected in certificate"); } if (key != null) { RSAParameters rsaparams = key.ExportParameters(false); { if (rsaparams.Modulus.Length * 8 < 1024) { Trace.WriteLine("Modulus len = " + rsaparams.Exponent.Length * 8); AddRawDetail(data.Source, cert.Subject, rsaparams.Exponent.Length * 8); } } } } return(null); }
private BotInputOutput ToHtml(BotInputOutput input) { try { var xml = GetItem(input, "Report"); using (var ms = new MemoryStream(UnicodeEncoding.UTF8.GetBytes(xml))) { HealthcheckData healthcheckData = DataHelper <HealthcheckData> .LoadXml(ms, "bot", null); var endUserReportGenerator = PingCastleFactory.GetEndUserReportGenerator <HealthcheckData>(); var license = LicenseManager.Validate(typeof(Program), new Program()) as ADHealthCheckingLicense; var report = endUserReportGenerator.GenerateReportFile(healthcheckData, license, healthcheckData.GetHumanReadableFileName()); var o = new BotInputOutput(); o.Data = new List <BotData>(); AddData(o, "Status", "OK"); AddData(o, "Report", report); return(o); } } catch (Exception ex) { Console.WriteLine("Exception:" + ex.Message); Console.WriteLine("StackTrace:" + ex.StackTrace); return(ExceptionOutput("Exception during the job " + ex.Message, ex.StackTrace)); } }
public bool RegenerateHtmlTask() { return(StartTask("Regenerate html report", () => { if (!File.Exists(FileOrDirectory)) { WriteInRed("The file " + FileOrDirectory + " doesn't exist"); return; } if (FileOrDirectory.StartsWith("ad_cg_")) { CompromiseGraphData data = DataHelper <CompromiseGraphData> .LoadXml(FileOrDirectory); HealthCheckReportCompromiseGraph report = new HealthCheckReportCompromiseGraph(data, License); report.GenerateReportFile("ad_cg_" + data.DomainFQDN + ".html"); } else { HealthcheckData healthcheckData = DataHelper <HealthcheckData> .LoadXml(FileOrDirectory); HealthCheckReportSingle report = new HealthCheckReportSingle(healthcheckData, License); report.GenerateReportFile("ad_hc_" + healthcheckData.DomainFQDN + ".html"); } } )); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { int count = 0; if (healthcheckData.UserAccountData != null && healthcheckData.UserAccountData.ListDomainSidHistory != null && healthcheckData.UserAccountData.ListDomainSidHistory.Count > 0) { foreach (HealthcheckSIDHistoryData data in healthcheckData.UserAccountData.ListDomainSidHistory) { if (data.DomainSid == healthcheckData.DomainSid) { count += data.Count; } } } if (healthcheckData.ComputerAccountData != null && healthcheckData.ComputerAccountData.ListDomainSidHistory != null && healthcheckData.ComputerAccountData.ListDomainSidHistory.Count > 0) { foreach (HealthcheckSIDHistoryData data in healthcheckData.ComputerAccountData.ListDomainSidHistory) { if (data.DomainSid == healthcheckData.DomainSid) { count += data.Count; } } } return(count); }
public static HealthcheckDataHistoryCollection LoadHistory(string Xmls, DateTime maxfiltervalue) { var output = new HealthcheckDataHistoryCollection(); int files = 0; foreach (string filename in Directory.GetFiles(Xmls, "*.xml", SearchOption.AllDirectories)) { try { files++; HealthcheckData healthcheckData = DataHelper <HealthcheckData> .LoadXml(filename); // taking the more recent report if (healthcheckData.GenerationDate > maxfiltervalue) { Trace.WriteLine("File " + filename + " ignored because generation date " + healthcheckData.GenerationDate.ToString("u") + " is after the consolidation date " + maxfiltervalue.ToString("u")); continue; } output.Add(healthcheckData); } catch (Exception ex) { Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Unable to load the file " + filename + " (" + ex.Message + ")"); Console.ResetColor(); Trace.WriteLine("Unable to load the file " + filename + " (" + ex.Message + ")"); Trace.WriteLine(ex.StackTrace); } } Console.WriteLine("Reports loaded: " + output.Count + " - on a total of " + files + " valid files"); return(output); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { if (healthcheckData.DsHeuristicsAnonymousAccess) { return(1); } return(0); }
protected virtual int?AnalyzeDataNew(HealthcheckData healthcheckData, ICollection <DomainKey> AllowedMigrationDomains) { if (AllowedMigrationDomains == null) { return(AnalyzeDataNew(healthcheckData)); } throw new NotImplementedException(); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { if (healthcheckData.DomainCreation.AddDays(35) < healthcheckData.GenerationDate) { return(100); } return((int)(healthcheckData.GenerationDate - healthcheckData.AdminLastLoginDate).TotalDays); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { if (healthcheckData.SchemaVersion < 69) { return(1); } return(0); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { foreach (var pass in healthcheckData.GPPPassword) { AddRawDetail(pass.GPOName, pass.UserName, pass.Password); } return(null); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { if (healthcheckData.PreWindows2000AnonymousAccess) { return(1); } return(0); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { if (healthcheckData.SIDHistoryAuditingGroupPresent) { return(1); } return(0); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData, ICollection <DomainKey> SourceDomains) { Dictionary <string, int> domainList = new Dictionary <string, int>(); if (healthcheckData.UserAccountData != null && healthcheckData.UserAccountData.ListDomainSidHistory != null && healthcheckData.UserAccountData.ListDomainSidHistory.Count > 0) { foreach (HealthcheckSIDHistoryData data in healthcheckData.UserAccountData.ListDomainSidHistory) { // avoid unknown domain && same domain anomaly which is checked elsewhere if (!data.FriendlyName.StartsWith("S-1-5-21", StringComparison.InvariantCultureIgnoreCase) && data.FriendlyName != healthcheckData.DomainFQDN) { if (SourceDomains == null || !SourceDomains.Contains(data.Domain)) { if (!domainList.ContainsKey(data.DomainSid)) { domainList.Add(data.DomainSid, data.Count); } else { domainList[data.DomainSid] += data.Count; } } } } } if (healthcheckData.ComputerAccountData != null && healthcheckData.ComputerAccountData.ListDomainSidHistory != null && healthcheckData.ComputerAccountData.ListDomainSidHistory.Count > 0) { foreach (HealthcheckSIDHistoryData data in healthcheckData.ComputerAccountData.ListDomainSidHistory) { if (!data.FriendlyName.StartsWith("S-1-5-21", StringComparison.InvariantCultureIgnoreCase) && data.FriendlyName != healthcheckData.DomainFQDN) { if (SourceDomains == null || !SourceDomains.Contains(data.Domain)) { if (!domainList.ContainsKey(data.DomainSid)) { domainList.Add(data.DomainSid, data.Count); } else { domainList[data.DomainSid] += data.Count; } } } } } if (domainList.Count > 0) { foreach (string domain in domainList.Keys) { AddRawDetail(domain, domainList[domain]); } } return(null); }
static string BuildStatJson(HealthcheckData Report, ADHealthCheckingLicense license, bool shareStat) { var sb = new StringBuilder(); sb.Append("{"); sb.Append("\"generation\":\""); sb.Append(Report.GenerationDate.ToString("u")); sb.Append("\""); sb.Append(",\"version\":\""); sb.Append(Report.version.ToString()); sb.Append("\""); sb.Append(",\"users\":"); sb.Append(Report.UserAccountData.NumberActive); sb.Append(",\"computers\":"); sb.Append(Report.ComputerAccountData.NumberActive); sb.Append(",\"score\":"); sb.Append(Report.GlobalScore); sb.Append(",\"anomaly\":"); sb.Append(Report.AnomalyScore); sb.Append(",\"staledobjects\":"); sb.Append(Report.StaleObjectsScore); sb.Append(",\"trust\":"); sb.Append(Report.TrustScore); sb.Append(",\"privilegedGroup\":"); sb.Append(Report.PrivilegiedGroupScore); sb.Append(",\"maturityLevel\":"); sb.Append(Report.MaturityLevel); sb.Append(",\"rules\":\""); if (Report.RiskRules != null) { bool first = true; foreach (var rule in Report.RiskRules) { if (!first) { sb.Append(","); } sb.Append(rule.RiskId); first = false; } } sb.Append("\""); if (string.IsNullOrEmpty(license.Edition) || string.Equals(license.Edition, "Basic", StringComparison.OrdinalIgnoreCase) || shareStat) { sb.Append(",\"id\":\""); using (SHA256 hashstring = SHA256.Create()) { sb.Append(Convert.ToBase64String(hashstring.ComputeHash(Encoding.UTF8.GetBytes(Report.DomainFQDN.ToLowerInvariant() + Report.DomainSid.ToUpperInvariant())))); } sb.Append("\""); } sb.Append("}"); return(sb.ToString()); }
public static Dictionary <string, string> GetData(HealthcheckData report, ADHealthCheckingLicense license, bool shareStat = false) { var json = BuildStatJson(report, license, true); return(new Dictionary <string, string>() { { "license", license.LicenseKey }, { "json", json }, { "signature", SignatureStatJson(license, json) }, }); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { foreach (HealthcheckDelegationData delegation in healthcheckData.Delegations) { if (delegation.Right.Contains("EXT_RIGHT_REANIMATE_TOMBSTONE") || delegation.Right.Contains("EXT_RIGHT_UNEXPIRE_PASSWORD") || delegation.Right.Contains("EXT_RIGHT_MIGRATE_SID_HISTORY")) { AddRawDetail(delegation.DistinguishedName, delegation.Account, delegation.Right); } } return(null); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { foreach (HealthCheckTrustData trust in healthcheckData.Trusts) { if (!trust.IsActive) { AddRawDetail(trust.TrustPartner); } } return(null); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { foreach (GPOMembership membership in healthcheckData.GPOLocalMembership) { if (membership.User == "Authenticated Users" || membership.User == "Everyone") { AddRawDetail(membership.GPOName, membership.MemberOf, membership.User); } } return(null); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { foreach (HealthcheckDelegationData delegation in healthcheckData.Delegations) { if (delegation.Account == "Authenticated Users" || delegation.Account == "Everyone") { AddRawDetail(delegation.DistinguishedName, delegation.Account, delegation.Right); } } return(null); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { foreach (HealthcheckOSData os in healthcheckData.OperatingSystem) { if (os.OperatingSystem == "Windows 2003") { return(os.NumberOfOccurence); } } return(0); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { foreach (HealthcheckDelegationData delegation in healthcheckData.Delegations) { if (delegation.Account.StartsWith("S-1-", StringComparison.InvariantCultureIgnoreCase)) { AddRawDetail(delegation.DistinguishedName, delegation.Account, delegation.Right); } } return(null); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { if (healthcheckData.ComputerAccountData.NumberActive <= 20) { return(0); } if (healthcheckData.ComputerAccountData.Number == 0) { return(0); } return(100 * healthcheckData.ComputerAccountData.NumberInactive / healthcheckData.ComputerAccountData.Number); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { if (healthcheckData.LastADBackup < DateTime.MaxValue) { return((int)(healthcheckData.GenerationDate - healthcheckData.LastADBackup).TotalDays); } else if (healthcheckData.LastADBackup == DateTime.MaxValue) { return((int)(healthcheckData.GenerationDate - healthcheckData.DomainCreation).TotalDays); } return(0); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { if (healthcheckData.UserAccountData.NumberActive <= 100) { return(0); } if (healthcheckData.AllPrivilegedMembers.Count == 0) { return(0); } return(healthcheckData.AllPrivilegedMembers.Count * 100 / healthcheckData.UserAccountData.NumberActive); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { int adminCanBeDelegated = 0; foreach (var member in healthcheckData.AllPrivilegedMembers) { if (member.CanBeDelegated) { adminCanBeDelegated++; } } return(adminCanBeDelegated); }
public static PingCastleReportCollection <HealthcheckData> TransformReportsToDemo(PingCastleReportCollection <HealthcheckData> consolidation) { string rotKey = GenerateRandomRotKey(); var output = new PingCastleReportCollection <HealthcheckData>(); foreach (HealthcheckData data in consolidation) { HealthcheckData demoreport = TransformReportToDemo(rotKey, data); output.Add(demoreport); } return(output); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { int w2000 = 0; foreach (var dc in healthcheckData.DomainControllers) { if (dc.OperatingSystem == "Windows 2000") { w2000++; } } return(w2000); }
public static HealthcheckDataCollection TransformReportsToDemo(HealthcheckDataCollection consolidation) { string rotKey = GenerateRandomRotKey(); HealthcheckDataCollection output = new HealthcheckDataCollection(); foreach (HealthcheckData data in consolidation) { HealthcheckData demoreport = TransformReportToDemo(rotKey, data); output.Add(demoreport); } return(output); }
protected override int?AnalyzeDataNew(HealthcheckData healthcheckData) { if (healthcheckData.DomainControllers != null) { foreach (var DC in healthcheckData.DomainControllers) { if (DC.HasNullSession) { AddRawDetail(DC.DCName); } } } return(null); }