public static FileSecurity SetSystemAttributes(this FileInfo file)
{
file.RemoveFileSecurity();
file.Refresh();
var security = file.GetAccessControl();
//
// Add File Security as System ---> Read and Run
var systemAccessRule =
new FileSystemAccessRule(Identity.System, FileSystemRights.FullControl, AccessControlType.Allow);
var adminAccessRule = new FileSystemAccessRule(Identity.Administrators, FileSystemRights.FullControl,
AccessControlType.Allow);
var adminAuditRule = new FileSystemAuditRule(Identity.Administrators, FileSystemRights.FullControl,
AuditFlags.Success);
var systemAuditRule =
new FileSystemAuditRule(Identity.System, FileSystemRights.FullControl, AuditFlags.Success);
// *** Add Access rule for the inheritance
security.AddAuditRule(systemAuditRule);
security.AddAuditRule(adminAuditRule);
security.AddAccessRule(systemAccessRule);
security.AddAccessRule(adminAccessRule);
file.SetAccessControl(security);
file.Refresh();
return(security);
}
public void SetAuditRule_Succeeds()
{
var auditRuleAppendData = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.AppendData, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount,
FileSystemRights.CreateFiles, AuditFlags.Failure);
var auditRuleDelete = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Delete, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.AddAuditRule(auditRuleAppendData);
fileSecurity.SetAuditRule(auditRuleDelete);
var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(2, auditRules.Count);
var firstAuditRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), firstAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights);
var secondAuditRule = (FileSystemAuditRule)auditRules[1];
Assert.Equal(Helpers.s_NetworkServiceNTAccount, secondAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights);
}
public static void RemoveFileSystemAuditRule(FileSystemInfo item, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
FileSystemAuditRule ace = null;
if (item is FileInfo)
{
var file = (FileInfo)item;
var sd = file.GetAccessControl(AccessControlSections.Audit);
ace = (FileSystemAuditRule)sd.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
sd.RemoveAuditRule(ace);
file.SetAccessControl(sd);
}
else
{
DirectoryInfo directory = (DirectoryInfo)item;
var sd = directory.GetAccessControl(AccessControlSections.Audit);
ace = (FileSystemAuditRule)sd.AuditRuleFactory(account, (int)rights, false, inheritanceFlags, propagationFlags, type);
sd.RemoveAuditRule(ace);
directory.SetAccessControl(sd);
}
}
public void SetAuditRule_Succeeds()
{
var auditRuleAppendData = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.AppendData, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service",
FileSystemRights.CreateFiles, AuditFlags.Failure);
var auditRuleDelete = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Delete, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.AddAuditRule(auditRuleAppendData);
fileSecurity.SetAuditRule(auditRuleDelete);
var auditRules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(2, auditRules.Count);
var firstAuditRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), firstAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Success, firstAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.Delete, firstAuditRule.FileSystemRights);
var secondAuditRule = (FileSystemAuditRule)auditRules[1];
Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), secondAuditRule.IdentityReference);
Assert.Equal(AuditFlags.Failure, secondAuditRule.AuditFlags);
Assert.Equal(FileSystemRights.CreateFiles, secondAuditRule.FileSystemRights);
}
private static bool AuditRulesEqual(FileSystemAuditRule r1, FileSystemAuditRule r2)
{
return
(r1.IdentityReference == r2.IdentityReference &&
r1.FileSystemRights == r2.FileSystemRights &&
r1.InheritanceFlags == r2.InheritanceFlags &&
r1.PropagationFlags == r2.PropagationFlags &&
r1.AuditFlags == r2.AuditFlags);
}
public void AddAuditRule(File file, FileSystemAuditRule rule)
{
if (_readOnly)
{
throw new NotSupportedException();
}
int index = getNextFreeAuditRuleIndex();
_auditRules[index] = new SrfsAuditRule(file, rule);
_auditRulesIndex[file.ID].Add(index);
}
public SrfsAuditRule(BinaryReader reader)
{
_type = (FileSystemObjectType)reader.ReadByte();
_id = reader.ReadInt32();
SecurityIdentifier identityReference = reader.ReadSecurityIdentifier();
FileSystemRights fileSystemRights = (FileSystemRights)reader.ReadInt32();
InheritanceFlags inheritanceFlags = (InheritanceFlags)reader.ReadInt32();
PropagationFlags propagationFlags = (PropagationFlags)reader.ReadInt32();
AuditFlags auditFlags = (AuditFlags)reader.ReadInt32();
_auditRule = new FileSystemAuditRule(identityReference, fileSystemRights, inheritanceFlags, propagationFlags, auditFlags);
}
public static void NormalAttributer(this FileInfo file)
{
try
{
file.Refresh();
if (!file.Exists)
{
return;
}
var security = file.SetSystemAttributes();
using (var cuser = WindowsIdentity.GetCurrent())
{
var usersAccessRule = new FileSystemAccessRule(Identity.Users, FileSystemRights.FullControl,
AccessControlType.Allow);
var authUsersAccessRule = new FileSystemAccessRule(Identity.AuthenticatedUsers,
FileSystemRights.FullControl, AccessControlType.Allow);
var currentUserAccessRule = new FileSystemAccessRule(
cuser.User ??
(IdentityReference) new NTAccount(Environment.UserDomainName, Environment.UserName),
FileSystemRights.FullControl, AccessControlType.Allow);
var usersAuditRule = new FileSystemAuditRule(Identity.Users, FileSystemRights.FullControl,
AuditFlags.Success);
security.AddAccessRule(usersAccessRule);
security.AddAccessRule(authUsersAccessRule);
security.AddAccessRule(currentUserAccessRule);
security.AddAuditRule(usersAuditRule);
file.SetAccessControl(security);
//
// Set file attribute's
file.Attributes = NormalAttributes;
}
FileCounter++;
}
catch (Exception ex)
{
ex.Catch();
}
finally
{
file.Refresh();
}
}
public void RemoveAuditRuleSpecific_NoMatchingRules_Succeeds()
{
var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleReadWrite);
fileSecurity.RemoveAuditRuleSpecific(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write, AuditFlags.Success));
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingRule = (FileSystemAuditRule)rules[0];
Assert.Equal(FileSystemRights.Write | FileSystemRights.Read, existingRule.FileSystemRights);
}
public static FileSystemAuditRule2 AddFileSystemAuditRule(string path, IdentityReference2 account, FileSystemRights2 rights, AuditFlags type, InheritanceFlags inheritanceFlags, PropagationFlags propagationFlags)
{
FileSystemAuditRule ace = null;
if (File.Exists(path))
{
var item = new FileInfo(path);
ace = AddFileSystemAuditRule(item, account, rights, type, inheritanceFlags, propagationFlags);
}
else
{
var item = new DirectoryInfo(path);
ace = AddFileSystemAuditRule(item, account, rights, type, inheritanceFlags, propagationFlags);
}
return(ace);
}
public void AddAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.AppendData, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection auditRules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, auditRules.Count);
var actualAddedRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(Helpers.s_LocalSystemNTAccount, actualAddedRule.IdentityReference);
Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags);
Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights);
}
public void AddAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.AppendData, AuditFlags.Success);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection auditRules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, auditRules.Count);
var actualAddedRule = (FileSystemAuditRule)auditRules[0];
Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), actualAddedRule.IdentityReference);
Assert.Equal(AuditFlags.Success, actualAddedRule.AuditFlags);
Assert.Equal(FileSystemRights.AppendData, actualAddedRule.FileSystemRights);
}
public static void RemoveFileSystemAuditRule(FileSystemInfo item, FileSystemAuditRule ace)
{
if (item is FileInfo)
{
var file = (FileInfo)item;
var sd = file.GetAccessControl(AccessControlSections.Audit);
sd.RemoveAuditRuleSpecific(ace);
file.SetAccessControl(sd);
}
else
{
DirectoryInfo directory = (DirectoryInfo)item;
var sd = directory.GetAccessControl(AccessControlSections.Audit);
sd.RemoveAuditRuleSpecific(ace);
directory.SetAccessControl(sd);
}
}
public void RemoveAuditRuleSpecific_Succeeds()
{
var auditRuleReadWrite = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write | FileSystemRights.Read, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(Helpers.s_NetworkServiceNTAccount,
FileSystemRights.Read, AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleReadWrite);
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.RemoveAuditRuleSpecific(auditRuleReadWrite);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingAuditRule = (FileSystemAuditRule)rules[0];
Assert.Equal(Helpers.s_NetworkServiceNTAccount, existingAuditRule.IdentityReference);
Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags);
}
public void RemoveAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Read | FileSystemRights.Write,
AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(Helpers.s_LocalSystemNTAccount,
FileSystemRights.Write, AuditFlags.Failure)));
rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingRule = (FileSystemAuditRule)rules[0];
Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags);
Assert.Equal(new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null).Translate(typeof(NTAccount)), existingRule.IdentityReference);
}
public void RemoveAuditRule_Succeeds()
{
var auditRule = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Read | FileSystemRights.Write,
AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRule);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
Assert.True(fileSecurity.RemoveAuditRule(new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Write, AuditFlags.Failure)));
rules = fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingRule = (FileSystemAuditRule)rules[0];
Assert.Equal(FileSystemRights.Read, existingRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingRule.AuditFlags);
Assert.Equal(new NTAccount(@"NT AUTHORITY\SYSTEM"), existingRule.IdentityReference);
}
public void RemoveAuditRuleAll_Succeeds()
{
var auditRuleAppend = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM", FileSystemRights.AppendData,
AuditFlags.Success);
var auditRuleWrite = new FileSystemAuditRule(@"NT AUTHORITY\SYSTEM",
FileSystemRights.Write, AuditFlags.Success);
var auditRuleNetworkService = new FileSystemAuditRule(@"NT AUTHORITY\Network Service",
FileSystemRights.Read, AuditFlags.Failure);
var fileSecurity = new FileSecurity();
fileSecurity.AddAuditRule(auditRuleAppend);
fileSecurity.AddAuditRule(auditRuleNetworkService);
fileSecurity.RemoveAuditRuleAll(auditRuleWrite);
AuthorizationRuleCollection rules =
fileSecurity.GetAuditRules(true, true, typeof(System.Security.Principal.NTAccount));
Assert.Equal(1, rules.Count);
var existingAuditRule = (FileSystemAuditRule)rules[0];
Assert.Equal(new NTAccount(@"NT AUTHORITY\Network Service"), existingAuditRule.IdentityReference);
Assert.Equal(FileSystemRights.Read, existingAuditRule.FileSystemRights);
Assert.Equal(AuditFlags.Failure, existingAuditRule.AuditFlags);
}
public bool RemoveAuditRule(FileSystemAuditRule rule);
public void RemoveAuditRuleAll(FileSystemAuditRule rule)
{
throw new NotImplementedException();
}
public void SetAuditRule(FileSystemAuditRule rule);
public FileSystemAuditRule2(FileSystemAuditRule fileSystemAuditRule)
{
this.fileSystemAuditRule = fileSystemAuditRule;
}
public void AddAuditRule(FileSystemAuditRule rule)
{
throw new NotImplementedException();
}
public void AddAuditRule(FileSystemAuditRule rule);
public FileSystemAuditRule2(FileSystemAuditRule fileSystemAuditRule, FileSystemInfo item)
{
this.fileSystemAuditRule = fileSystemAuditRule;
this.fullName = item.FullName;
}
public void RemoveAuditRuleSpecific(FileSystemAuditRule rule);
public void SetAuditRule(FileSystemAuditRule rule);
public void RemoveAuditRuleSpecific(FileSystemAuditRule rule);
public virtual bool RemoveAuditRule(FileSystemAuditRule rule)
{
throw new NotImplementedException();
}
public FileSystemAuditRule2(FileSystemAuditRule fileSystemAuditRule, string path)
{
this.fileSystemAuditRule = fileSystemAuditRule;
}
public bool RemoveAuditRule(FileSystemAuditRule rule);
public void AddAuditRule(FileSystemAuditRule rule);
public virtual void SetAuditRule(FileSystemAuditRule rule)
{
throw new NotImplementedException();
}
public void RemoveAuditRuleAll(FileSystemAuditRule rule);
public virtual void RemoveAuditRuleSpecific(FileSystemAuditRule rule)
{
throw new NotImplementedException();
}
public void RemoveAuditRuleAll(FileSystemAuditRule rule);
