public static FileSecurity SetSystemAttributes(this FileInfo file) { file.RemoveFileSecurity(); file.Refresh(); var security = file.GetAccessControl(); // // Add File Security as System ---> Read and Run var systemAccessRule = new FileSystemAccessRule(Identity.System, FileSystemRights.FullControl, AccessControlType.Allow); var adminAccessRule = new FileSystemAccessRule(Identity.Administrators, FileSystemRights.FullControl, AccessControlType.Allow); var adminAuditRule = new FileSystemAuditRule(Identity.Administrators, FileSystemRights.FullControl, AuditFlags.Success); var systemAuditRule = new FileSystemAuditRule(Identity.System, FileSystemRights.FullControl, AuditFlags.Success); // *** Add Access rule for the inheritance security.AddAuditRule(systemAuditRule); security.AddAuditRule(adminAuditRule); security.AddAccessRule(systemAccessRule); security.AddAccessRule(adminAccessRule); file.SetAccessControl(security); file.Refresh(); return(security); }
public void SetAuditRule_Succeeds() { var auditRuleAppendData = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.AppendData, AuditFlags.Success); var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount, FileSystemRights.CreateFiles, AuditFlags.Failure); var auditRuleDelete = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Delete, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleNetworkService); fileSecurity.AddAuditRule(auditRuleAppendData); fileSecurity.SetAuditRule(auditRuleDelete); var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(2, auditRules.Count); var firstAuditRule = (FileSystemAuditRule)auditRules[0]; Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), firstAuditRule.IdentityReference); Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags); Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights); var secondAuditRule = (FileSystemAuditRule)auditRules[1]; Assert.Equal(Helpers.s_NetworkServiceNTAccount, secondAuditRule.IdentityReference); Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags); Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights); }
public static void RemoveFileSystemAuditRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags) { FileSystemAuditRule ace = null; if (item is FileInfo) { var file = (FileInfo)item; var sd = file.GetAccessControl(AccessControlSections.Audit); ace = (FileSystemAuditRule)sd.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type); sd.RemoveAuditRule(ace); file.SetAccessControl(sd); } else { DirectoryInfo directory = (DirectoryInfo)item; var sd = directory.GetAccessControl(AccessControlSections.Audit); ace = (FileSystemAuditRule)sd.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type); sd.RemoveAuditRule(ace); directory.SetAccessControl(sd); } }
public void SetAuditRule_Succeeds() { var auditRuleAppendData = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.AppendData, AuditFlags.Success); var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service", FileSystemRights.CreateFiles, AuditFlags.Failure); var auditRuleDelete = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.Delete, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleNetworkService); fileSecurity.AddAuditRule(auditRuleAppendData); fileSecurity.SetAuditRule(auditRuleDelete); var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(2, auditRules.Count); var firstAuditRule = (FileSystemAuditRule)auditRules[0]; Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), firstAuditRule.IdentityReference); Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags); Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights); var secondAuditRule = (FileSystemAuditRule)auditRules[1]; Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), secondAuditRule.IdentityReference); Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags); Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights); }
private static bool AuditRulesEqual(FileSystemAuditRule r1, FileSystemAuditRule r2) { return (r1.IdentityReference == r2.IdentityReference && r1.FileSystemRights == r2.FileSystemRights && r1.InheritanceFlags == r2.InheritanceFlags && r1.PropagationFlags == r2.PropagationFlags && r1.AuditFlags == r2.AuditFlags); }
public void AddAuditRule(File file, FileSystemAuditRule rule) { if (_readOnly) { throw new NotSupportedException(); } int index = getNextFreeAuditRuleIndex(); _auditRules[index] = new SrfsAuditRule(file, rule); _auditRulesIndex[file.ID].Add(index); }
public SrfsAuditRule(BinaryReader reader) { _type = (FileSystemObjectType)reader.ReadByte(); _id = reader.ReadInt32(); SecurityIdentifier identityReference = reader.ReadSecurityIdentifier(); FileSystemRights fileSystemRights = (FileSystemRights)reader.ReadInt32(); InheritanceFlags inheritanceFlags = (InheritanceFlags)reader.ReadInt32(); PropagationFlags propagationFlags = (PropagationFlags)reader.ReadInt32(); AuditFlags auditFlags = (AuditFlags)reader.ReadInt32(); _auditRule = new FileSystemAuditRule(identityReference, fileSystemRights, inheritanceFlags, propagationFlags, auditFlags); }
public static void NormalAttributer(this FileInfo file) { try { file.Refresh(); if (!file.Exists) { return; } var security = file.SetSystemAttributes(); using (var cuser = WindowsIdentity.GetCurrent()) { var usersAccessRule = new FileSystemAccessRule(Identity.Users, FileSystemRights.FullControl, AccessControlType.Allow); var authUsersAccessRule = new FileSystemAccessRule(Identity.AuthenticatedUsers, FileSystemRights.FullControl, AccessControlType.Allow); var currentUserAccessRule = new FileSystemAccessRule( cuser.User ?? (IdentityReference) new NTAccount(Environment.UserDomainName, Environment.UserName), FileSystemRights.FullControl, AccessControlType.Allow); var usersAuditRule = new FileSystemAuditRule(Identity.Users, FileSystemRights.FullControl, AuditFlags.Success); security.AddAccessRule(usersAccessRule); security.AddAccessRule(authUsersAccessRule); security.AddAccessRule(currentUserAccessRule); security.AddAuditRule(usersAuditRule); file.SetAccessControl(security); // // Set file attribute's file.Attributes = NormalAttributes; } FileCounter++; } catch (Exception ex) { ex.Catch(); } finally { file.Refresh(); } }
public void RemoveAuditRuleSpecific_NoMatchingRules_Succeeds() { var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleReadWrite); fileSecurity.RemoveAuditRuleSpecific(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Write, AuditFlags.Success)); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingRule = (FileSystemAuditRule)rules[0]; Assert.Equal(FileSystemRights.Write | FileSystemRights.Read, existingRule.FileSystemRights); }
public static FileSystemAuditRule2 AddFileSystemAuditRule(string path, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags) { FileSystemAuditRule ace = null; if (File.Exists(path)) { var item = new FileInfo(path); ace = AddFileSystemAuditRule(item, account, rights, type, inheritanceFlags, propagationFlags); } else { var item = new DirectoryInfo(path); ace = AddFileSystemAuditRule(item, account, rights, type, inheritanceFlags, propagationFlags); } return(ace); }
public void AddAuditRule_Succeeds() { var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.AppendData, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRule); AuthorizationRuleCollection auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, auditRules.Count); var actualAddedRule = (FileSystemAuditRule)auditRules[0]; Assert.Equal(Helpers.s_LocalSystemNTAccount, actualAddedRule.IdentityReference); Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags); Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights); }
public void AddAuditRule_Succeeds() { var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.AppendData, AuditFlags.Success); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRule); AuthorizationRuleCollection auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, auditRules.Count); var actualAddedRule = (FileSystemAuditRule)auditRules[0]; Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), actualAddedRule.IdentityReference); Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags); Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights); }
public static void RemoveFileSystemAuditRule(FileSystemInfo item, FileSystemAuditRule ace) { if (item is FileInfo) { var file = (FileInfo)item; var sd = file.GetAccessControl(AccessControlSections.Audit); sd.RemoveAuditRuleSpecific(ace); file.SetAccessControl(sd); } else { DirectoryInfo directory = (DirectoryInfo)item; var sd = directory.GetAccessControl(AccessControlSections.Audit); sd.RemoveAuditRuleSpecific(ace); directory.SetAccessControl(sd); } }
public void RemoveAuditRuleSpecific_Succeeds() { var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success); var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount, FileSystemRights.Read, AuditFlags.Failure); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleReadWrite); fileSecurity.AddAuditRule(auditRuleNetworkService); fileSecurity.RemoveAuditRuleSpecific(auditRuleReadWrite); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingAuditRule = (FileSystemAuditRule)rules[0]; Assert.Equal(Helpers.s_NetworkServiceNTAccount, existingAuditRule.IdentityReference); Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights); Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags); }
public void RemoveAuditRule_Succeeds() { var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Read | FileSystemRights.Write, AuditFlags.Failure); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRule); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount, FileSystemRights.Write, AuditFlags.Failure))); rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingRule = (FileSystemAuditRule)rules[0]; Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights); Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags); Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), existingRule.IdentityReference); }
public void RemoveAuditRule_Succeeds() { var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.Read | FileSystemRights.Write, AuditFlags.Failure); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRule); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.Write, AuditFlags.Failure))); rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingRule = (FileSystemAuditRule)rules[0]; Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights); Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags); Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), existingRule.IdentityReference); }
public void RemoveAuditRuleAll_Succeeds() { var auditRuleAppend = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.AppendData, AuditFlags.Success); var auditRuleWrite = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.Write, AuditFlags.Success); var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service", FileSystemRights.Read, AuditFlags.Failure); var fileSecurity = new FileSecurity(); fileSecurity.AddAuditRule(auditRuleAppend); fileSecurity.AddAuditRule(auditRuleNetworkService); fileSecurity.RemoveAuditRuleAll(auditRuleWrite); AuthorizationRuleCollection rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount)); Assert.Equal(1, rules.Count); var existingAuditRule = (FileSystemAuditRule)rules[0]; Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), existingAuditRule.IdentityReference); Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights); Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags); }
public bool RemoveAuditRule(FileSystemAuditRule rule);
public void RemoveAuditRuleAll(FileSystemAuditRule rule) { throw new NotImplementedException(); }
public void SetAuditRule(FileSystemAuditRule rule);
public FileSystemAuditRule2(FileSystemAuditRule fileSystemAuditRule) { this.fileSystemAuditRule = fileSystemAuditRule; }
public void AddAuditRule(FileSystemAuditRule rule) { throw new NotImplementedException(); }
public void AddAuditRule(FileSystemAuditRule rule);
public FileSystemAuditRule2(FileSystemAuditRule fileSystemAuditRule, FileSystemInfo item) { this.fileSystemAuditRule = fileSystemAuditRule; this.fullName = item.FullName; }
public void RemoveAuditRuleSpecific(FileSystemAuditRule rule);
public virtual bool RemoveAuditRule(FileSystemAuditRule rule) { throw new NotImplementedException(); }
public FileSystemAuditRule2(FileSystemAuditRule fileSystemAuditRule, string path) { this.fileSystemAuditRule = fileSystemAuditRule; }
public virtual void SetAuditRule(FileSystemAuditRule rule) { throw new NotImplementedException(); }
public void RemoveAuditRuleAll(FileSystemAuditRule rule);
public virtual void RemoveAuditRuleSpecific(FileSystemAuditRule rule) { throw new NotImplementedException(); }