/// <summary>
/// Heuristically decides whether a file's contents look encrypted and, when they do but the
/// file-system Encrypted attribute is missing, sets that attribute through File.Encrypt.
/// </summary>
/// <param name="FilePath">Path of the file to inspect.</param>
/// <returns>
/// true when the contents matched the heuristic (attribute already present or just applied);
/// false when they did not match or when any exception was raised.
/// </returns>
/// <remarks>
/// The content test is a character heuristic, not a cryptographic verification: it requires one
/// character from Crypto_Operation.Common_Encrypted_Chars and one character with a code point of
/// 128 or above, so plain text containing non-ASCII characters can also match.
/// FileAttributes.Encrypted and File.Encrypt refer to file-system level encryption (EFS on NTFS),
/// which is independent of any application-level cipher applied to the bytes.
/// </remarks>
internal static bool CHECK_File_Encrypted(string FilePath)
{
    try
    {
        FileInfo info = new FileInfo(FilePath);
        string contents = File.ReadAllText(FilePath);

        // Content heuristic, evaluated once and shared by both outcomes below.
        bool looksEncrypted = contents.Any(c => Crypto_Operation.Common_Encrypted_Chars.Contains(c))
                              && contents.Any(c => c >= 128);
        if (!looksEncrypted)
        {
            return false; // File not encrypted
        }

        if (!info.Attributes.HasFlag(FileAttributes.Encrypted))
        {
            // Contents look encrypted but the attribute is missing: apply it.
            File.Encrypt(FilePath);
        }

        return true; // File encrypted (attribute present or just applied)
    }
    catch (Exception e)
    {
        bool fileOnDisk = File_Operation.CHECK_if_File_Exists(FilePath);

        // NOTE(review): access-denied is recognised by matching English message text, so a
        // localized runtime would skip this branch. The reaction is destructive: a file that
        // exists but cannot be read is deleted. Confirm that is intended for every caller.
        if (fileOnDisk && e.Message.Contains("Access to the path") && e.Message.Contains("denied"))
        {
            File_Operation.DELETE_File(FilePath);
        }

        Error_Operation.Log_Error(
            "CHECK_File_Encrypted()",
            e.Message.ToString() + ". Is file on disk check=" + fileOnDisk.ToString(),
            e.StackTrace.ToString(),
            Error_Operation.LogSeverity.Verbose);

        return false; // File NOT encrypted
    }
}
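/// <summary>
/// Reads an AES-encrypted file and returns its contents as text.
/// </summary>
/// <param name="InputEncryptedFilePath">Path of the encrypted file to read.</param>
/// <param name="ReWriteDecryptedFile">
/// When true, File_Operation.Turnicate_File is called on the input path after the decrypt attempt
/// (presumably truncating the on-disk file; confirm against that helper).
/// </param>
/// <returns>The decrypted text, or null when reading the decrypted stream failed.</returns>
/// <remarks>
/// Key and IV are both taken from one PBKDF2 stream built from GET_Password() and the constant SALT,
/// so every file protected with the same password shares the same key and the same IV. The cipher
/// mode is not set here, so the Aes default (CBC) applies; with a repeated IV, files that start with
/// the same plaintext start with the same ciphertext. There is also no integrity tag: a padding or
/// decoding failure is the only tamper signal. Changing either property requires changing the
/// encrypting side as well, which is not visible from this method.
/// </remarks>
internal static string Decrypt_File_Contents(string InputEncryptedFilePath, bool ReWriteDecryptedFile = true)
{
    string plaintext = null;

    using (Aes AES = Aes.Create())
    {
        AES.KeySize = AES256KeySize;
        AES.BlockSize = 128;
        AES.Padding = PaddingMode.PKCS7;

        // The three-argument constructor uses HMAC-SHA1 as the PRF; it must stay in step with
        // whatever the encrypting side uses. Disposed here so derived key state is released.
        using (var key = new Rfc2898DeriveBytes(CONVERT_To_UTF8_Bytes(GET_Password()), CONVERT_To_UTF8_Bytes(SALT), 50000))
        {
            AES.Key = key.GetBytes(AES.KeySize / 8);
            AES.IV = key.GetBytes(AES.BlockSize / 8);
        }

        // Nested using statements own every disposable, including the transform, so no manual
        // tracking of the CryptoStream is needed (disposing a stream more than once is harmless).
        using (ICryptoTransform decryptor = AES.CreateDecryptor(AES.Key, AES.IV))
        using (MemoryStream msDecrypt = new MemoryStream(File.ReadAllBytes(InputEncryptedFilePath)))
        using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
        using (StreamReader srDecrypt = new StreamReader(csDecrypt))
        {
            try
            {
                plaintext = srDecrypt.ReadToEnd();
            }
            catch (Exception)
            {
                // Best-effort recovery kept from the original: any read failure (wrong password,
                // corrupt or modified file) removes the file and rewrites the default critical files.
                // NOTE(review): nothing is logged here, so a damaged or altered config silently
                // falls back to defaults; consider recording the event where a logger is available.
                File_Operation.DELETE_File(InputEncryptedFilePath);
                File_Operation.WRITE_Default_Critical_Files();
            }
        }
    }

    if (ReWriteDecryptedFile)
    {
        // NOTE(review): this also runs after the failure path above, i.e. after the defaults were
        // rewritten; confirm that cannot empty a freshly written default file at the same path.
        File_Operation.Turnicate_File(InputEncryptedFilePath);
    }

    return plaintext;
}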
/// <summary>
/// Replaces a local config file with the central copy: from the in-memory cache
/// (Central_Config_File_Web_Cache) when it is populated, otherwise by downloading WebPath.
/// The change is logged and the new file is secured if it is not already detected as encrypted.
/// </summary>
/// <param name="WebPath">URL of the central config file.</param>
/// <param name="LocalPath">Local path that is deleted and rewritten.</param>
/// <param name="FileName">Display name used only in the log message.</param>
/// <remarks>
/// The old file is removed before the new content is obtained, so a failed download leaves no
/// local copy. No integrity or authenticity check on the fetched content is visible in this
/// method, and the content is on disk in fetched form until Crypto_Operation.Secure_File runs.
/// NOTE(review): confirm the caller verifies the source and that WebPath uses an authenticated
/// transport.
/// </remarks>
internal static void UPDATE_Local_Config_With_Central_Config(string WebPath, string LocalPath, string FileName)
{
    bool cacheIsEmpty = string.IsNullOrEmpty(Central_Config_File_Web_Cache);

    // Both paths start by removing the old config file.
    File_Operation.DELETE_File(LocalPath);

    if (cacheIsEmpty)
    {
        // Nothing cached: fetch straight from the central location.
        Wclient.DownloadFile(WebPath, LocalPath);
    }
    else
    {
        // Reuse the copy that was already fetched.
        File_Operation.APPEND_AllTXT(LocalPath, Central_Config_File_Web_Cache);
    }

    // Log the change. The source label is the one the original code emits, not this method's name.
    string changeMessage = "Updated " + FileName + " from " + WebPath + ". It was downloaded to " + LocalPath;
    Error_Operation.Log_Error(
        "GET_Central_Config_File()",
        changeMessage,
        "",
        Error_Operation.LogSeverity.Verbose,
        Error_Operation.EventID.SWELF_Central_Config_Changed);

    if (!File_Operation.CHECK_File_Encrypted(LocalPath))
    {
        Crypto_Operation.Secure_File(LocalPath);
    }
}
/// <summary>
/// Loads the whitelist search terms during setup. Source precedence: the registry value if it
/// exists, else the whitelist file on disk, else freshly created defaults (which are then also
/// stored in the registry). Increments ThreadsDone_Setup when finished.
/// </summary>
/// <remarks>
/// Because the registry value wins over the file, write access to that value decides what the
/// agent treats as whitelisted; restrict and monitor it accordingly.
/// </remarks>
private static void RUN_Thread_Whitelist_SearchFile()
{
    var whitelistKey = Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents;

    if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(whitelistKey))
    {
        // Registry copy present: use it.
        var fromRegistry = Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents);
        READ_WhiteList_Search_Terms_File(fromRegistry);
    }
    else if (File_Operation.CHECK_if_File_Exists(GET_WhiteList_SearchTermsFile_Path))
    {
        // No registry copy: consume the file, then remove it from disk.
        // NOTE(review): this branch does not write the terms to the registry itself; confirm
        // READ_WhiteList_Search_Terms_File (or a later step) persists them before the delete.
        var fromFile = File_Operation.READ_AllText(GET_WhiteList_SearchTermsFile_Path);
        READ_WhiteList_Search_Terms_File(fromFile);
        File_Operation.DELETE_File(GET_WhiteList_SearchTermsFile_Path);
    }
    else
    {
        // Neither source exists: create the defaults, load them, then cache them in the registry.
        File_Operation.VERIFY_Search_Default_Files_Ready();

        var defaults = File_Operation.READ_AllText(GET_WhiteList_SearchTermsFile_Path);
        READ_WhiteList_Search_Terms_File(defaults);

        // Read again for the registry write, exactly as the original does.
        Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(
            Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents,
            File_Operation.READ_AllText(GET_WhiteList_SearchTermsFile_Path));
    }

    // NOTE(review): plain increment; if several setup threads share this counter, confirm the
    // update is synchronized elsewhere.
    ++ThreadsDone_Setup;
}
/// <summary>
/// Loads the PowerShell plugin search terms during setup. Source precedence: the registry value if
/// it exists, else the plugin search-terms file on disk, else freshly created defaults (which are
/// then also stored in the registry). Increments ThreadsDone_Setup when finished.
/// </summary>
/// <remarks>
/// The registry value wins over the file, so write access to that value decides which plugin
/// entries the agent loads; restrict and monitor it accordingly.
/// </remarks>
private static void RUN_Thread_Plugins()
{
    var pluginKey = Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents;

    if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(pluginKey))
    {
        // Registry copy present: use it.
        var fromRegistry = Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents);
        READ_Powershell_SearchTerms(fromRegistry);
    }
    else if (File_Operation.CHECK_if_File_Exists(Settings.GET_SearchTermsFile_PLUGIN_Path))
    {
        // No registry copy: consume the file, then remove it from disk.
        // NOTE(review): this branch does not write the terms to the registry itself; confirm
        // they are persisted elsewhere before the delete.
        var fromFile = File_Operation.READ_AllText(GET_SearchTermsFile_PLUGIN_Path);
        READ_Powershell_SearchTerms(fromFile);
        File_Operation.DELETE_File(GET_SearchTermsFile_PLUGIN_Path);
    }
    else
    {
        // Neither source exists: create default files and plugin scripts, load, then cache.
        File_Operation.VERIFY_Search_Default_Files_Ready();
        File_Operation.GET_Plugin_Scripts_Ready();

        var defaults = File_Operation.READ_AllText(GET_SearchTermsFile_PLUGIN_Path);
        READ_Powershell_SearchTerms(defaults);

        // Read again for the registry write, exactly as the original does.
        Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(
            Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents,
            File_Operation.READ_AllText(GET_SearchTermsFile_PLUGIN_Path));
    }

    // NOTE(review): plain increment; if several setup threads share this counter, confirm the
    // update is synchronized elsewhere.
    ++ThreadsDone_Setup;
}
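/// <summary>
/// Forwards every line of the local error log to the configured log collectors and, once all
/// lines were accepted, replaces the local error log with an empty file.
/// </summary>
/// <remarks>
/// Nothing is sent when any configured forwarder host name is "127.0.0.1" or empty.
/// The original cleared the log based on the result of the last line only, so lines that failed
/// earlier in the loop were deleted without having been delivered. The log is now cleared only
/// when every line was sent, or when the app-config argument SWELF_AppConfig_Args[15] is present
/// (that override is kept as it was; its meaning is not visible from this method).
/// Any exception is reported through Settings.Log_Storage_Location_Unavailable.
/// </remarks>
internal static void SEND_Errors_To_Central_Location()
{
    try
    {
        string[] Errors = File.ReadAllLines(Settings.GET_ErrorLog_Location);

        bool forwardingDisabled =
            Settings.Log_Forwarders_HostNames.Any(s => string.Equals(s, "127.0.0.1", StringComparison.OrdinalIgnoreCase))
            || Settings.Log_Forwarders_HostNames.Any(s => string.IsNullOrEmpty(s));
        if (forwardingDisabled)
        {
            return;
        }

        // An empty log has nothing to deliver, so it never counts as "all sent".
        bool everyLineSent = Errors.Length > 0;
        foreach (string errorLine in Errors)
        {
            bool sent = Log_Network_Forwarder.SEND_Logs(errorLine, Settings.GET_ErrorLog_Location, true);

            // The shared flag keeps its per-line meaning for other readers.
            Settings.Logs_Sent_to_ALL_Collectors = sent;
            everyLineSent = everyLineSent && sent;
        }

        // Precedence made explicit: (all sent AND file exists) OR the app-config override.
        bool clearLocalLog =
            (everyLineSent && File_Operation.CHECK_if_File_Exists(Settings.GET_ErrorLog_Location))
            || Settings.AppConfig_File_Args.ContainsKey(Settings.SWELF_AppConfig_Args[15]);

        if (clearLocalLog)
        {
            File_Operation.DELETE_File(Settings.GET_ErrorLog_Location);
            File.Create(Settings.GET_ErrorLog_Location).Close();
        }
    }
    catch (Exception e)
    {
        Settings.Log_Storage_Location_Unavailable("SEND_Errors_To_Central_Location() " + e.Message.ToString());
    }
}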
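/// <summary>
/// Loads the console app config during setup, then refreshes each registry-held config from its
/// central (web) source when the app config names one, and finally resolves the log collector
/// locations and the logging level.
/// </summary>
/// <remarks>
/// Local source precedence is: registry value, else the app config file on disk, else freshly
/// created defaults (which are then stored in the registry).
/// The four central-config sections of the original were copies of one sequence; they are driven
/// from a single table here so the steps cannot drift apart. Order and log text are unchanged.
/// Security note: content fetched from the configured URL is written to the registry, and the
/// registry value takes precedence on later runs. The only comparison visible here is
/// Web_Operation.VERIFY_Central_Reg_Config_Hash between the central source and the current
/// registry value, which looks like change detection rather than an authenticity check.
/// NOTE(review): confirm the central URL is fetched over an authenticated transport and that
/// write access to these registry values is restricted.
/// </remarks>
private static void RUN_Setup_AppConfig()
{
    if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents))
    {
        // Registry copy present: use it.
        READ_and_Parse_Console_App_Config_Contents(Reg_Operation.READ_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents));
    }
    else if (File_Operation.CHECK_if_File_Exists(GET_AppConfigFile_Path))
    {
        // No registry copy: consume the file, then remove it from disk.
        READ_and_Parse_Console_App_Config_Contents(File_Operation.READ_AllText(GET_AppConfigFile_Path));
        File_Operation.DELETE_File(GET_AppConfigFile_Path);
    }
    else
    {
        // Neither source exists: create the defaults, load them, then cache them in the registry.
        File_Operation.VERIFY_AppConfig_Default_Files_Ready();
        READ_and_Parse_Console_App_Config_Contents(File_Operation.READ_AllText(GET_AppConfigFile_Path));
        Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(Reg_Operation.REG_KEY.ConsoleAppConfig_Contents, File_Operation.READ_AllText(GET_AppConfigFile_Path));
    }

    // Central configs, in the original order: app config, search terms, whitelist, PowerShell plugin.
    // ArgIndex is the position in SWELF_AppConfig_Args of the argument that names the central source;
    // RegKeyName is the text that appears in the log message.
    var centralSources = new[]
    {
        new { ArgIndex = 7, RegKey = Reg_Operation.REG_KEY.ConsoleAppConfig_Contents, RegKeyName = "ConsoleAppConfig_Contents" },
        new { ArgIndex = 6, RegKey = Reg_Operation.REG_KEY.SearchTerms_File_Contents, RegKeyName = "SearchTerms_File_Contents" },
        new { ArgIndex = 9, RegKey = Reg_Operation.REG_KEY.WhiteList_SearchTerms_File_Contents, RegKeyName = "WhiteList_SearchTerms_File_Contents" },
        new { ArgIndex = 8, RegKey = Reg_Operation.REG_KEY.PLUGIN_SearchTerms_File_Contents, RegKeyName = "PLUGIN_SearchTerms_File_Contents" },
    };

    foreach (var source in centralSources)
    {
        if (!AppConfig_File_Args.ContainsKey(SWELF_AppConfig_Args[source.ArgIndex]))
        {
            continue; // no central source configured for this item
        }

        // Make sure there is a registry value to compare against.
        if (Reg_Operation.CHECK_SWELF_Reg_Key_Exists(source.RegKey) == false)
        {
            Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(source.RegKey, "");
        }

        bool matchesCentral = Web_Operation.VERIFY_Central_Reg_Config_Hash(
            AppConfig_File_Args[SWELF_AppConfig_Args[source.ArgIndex]],
            Reg_Operation.READ_SWELF_Reg_Key(source.RegKey));

        // Only overwrite when the comparison failed AND the web request itself succeeded, so an
        // unreachable central source does not replace the local value.
        if (matchesCentral == false && Web_Operation.Connection_Successful)
        {
            Reg_Operation.ADD_or_CHANGE_SWELF_Reg_Key(
                source.RegKey,
                Web_Operation.UPDATE_Reg_Config_With_Central_Config(AppConfig_File_Args[SWELF_AppConfig_Args[source.ArgIndex]].ToString()));

            Error_Operation.Log_Error(
                "RUN_Setup_AppConfig()",
                "Reg key for Central Config " + source.RegKeyName + " source updated from web source.",
                "",
                Error_Operation.LogSeverity.Informataion,
                Error_Operation.EventID.SWELF_Central_Config_Changed);
        }
    }

    Log_Forwarders_HostNames = GET_LogCollector_Locations(); // gather log collector locations

    // NOTE(review): plain increment; if several setup threads share this counter, confirm the
    // update is synchronized elsewhere.
    ++ThreadsDone_Setup;

    if (AppConfig_File_Args.ContainsKey(SWELF_AppConfig_Args[16]))
    {
        Logging_Level_To_Report = "verbose";
    }
}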