Exemplo n.º 1
0
        public bool SetAuditPol(Auditing audit)
        {
            //MiscFunc.Exec("auditpol.exe", "/set /subcategory:{0CCE9226-69AE-11D9-BED3-505054503030} /failure:enable /success:enable");
            try
            {
                AuditPol.AUDIT_POLICY_INFORMATION pol = AuditPol.GetSystemPolicy("0CCE9226-69AE-11D9-BED3-505054503030");
                switch (audit)
                {
                case Auditing.All: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success | AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure; break;

                case Auditing.Blocked: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Failure; break;

                case Auditing.Allowed: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.Success; break;

                case Auditing.Off: pol.AuditingInformation = AuditPol.AUDIT_POLICY_INFORMATION_TYPE.None; break;
                }
                TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME);
                // Note: without SeSecurityPrivilege this fails silently
                AuditPol.SetSystemPolicy(pol);
                TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
            }
            catch (Exception err)
            {
                AppLog.Line("Error in {0}: {1}", MiscFunc.GetCurrentMethod(), err.Message);
                return(false);
            }
            return(true);
        }
Exemplo n.º 2
0
        public bool SetAuditPolicy(Auditing audit)
        {
            try
            {
                AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);
                switch (audit)
                {
                case Auditing.All: pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success | AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure; break;

                case Auditing.Blocked: pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Failure; break;

                case Auditing.Allowed: pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success; break;

                case Auditing.Off: pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.None; break;
                }
                TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME);
                // Note: without SeSecurityPrivilege this fails silently
                AuditPolicy.SetSystemPolicy(pol);
                TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
            }
            catch (Exception err)
            {
                AppLog.Exception(err);
                return(false);
            }
            return(true);
        }
Exemplo n.º 3
0
    public static string SID_SPLevel        = "S-1-16-28672"; //	Secure Process Mandatory Level

    internal static bool TakeOwn(string path)
    {
        bool ret = true;

        try
        {
            //TokenManipulator.AddPrivilege("SeRestorePrivilege");
            //TokenManipulator.AddPrivilege("SeBackupPrivilege");
            TokenManipulator.AddPrivilege("SeTakeOwnershipPrivilege");


            FileSecurity ac = File.GetAccessControl(path);
            ac.SetOwner(new SecurityIdentifier(FileOps.SID_Admins));
            File.SetAccessControl(path, ac);
        }
        catch (PrivilegeNotHeldException err)
        {
            AppLog.Line("Couldn't take Ownership {0}", err.ToString());
            ret = false;
        }
        finally
        {
            //TokenManipulator.RemovePrivilege("SeRestorePrivilege");
            //TokenManipulator.RemovePrivilege("SeBackupPrivilege");
            TokenManipulator.RemovePrivilege("SeTakeOwnershipPrivilege");
        }
        return(ret);
    }
Exemplo n.º 4
0
 public bool SetAuditPolicy(bool audit)
 {
     try
     {
         AuditPolicy.AUDIT_POLICY_INFORMATION pol = AuditPolicy.GetSystemPolicy(FirewallEventPolicyID);
         if (audit)
         {
             pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.Success;
         }
         else
         {
             pol.AuditingInformation = AuditPolicy.AUDIT_POLICY_INFORMATION_TYPE.None;
         }
         TokenManipulator.AddPrivilege(TokenManipulator.SE_SECURITY_NAME);
         // Note: without SeSecurityPrivilege this fails silently
         AuditPolicy.SetSystemPolicy(pol);
         TokenManipulator.RemovePrivilege(TokenManipulator.SE_SECURITY_NAME);
     }
     catch (Exception err)
     {
         AppLog.Exception(err);
         return(false);
     }
     return(true);
 }
Exemplo n.º 5
0
    public static string SID_SPLevel        = "S-1-16-28672"; //	Secure Process Mandatory Level

    internal static bool TakeOwn(string path)
    {
        bool ret = true;

        try
        {
            TokenManipulator.AddPrivilege(TokenManipulator.SE_TAKE_OWNERSHIP_NAME);

            FileSecurity ac = File.GetAccessControl(path);
            ac.SetOwner(new SecurityIdentifier(FileOps.SID_Admins));
            File.SetAccessControl(path, ac);
        }
        catch (Exception err)
        {
            AppLog.Exception(err);
            ret = false;
        }
        finally
        {
            TokenManipulator.RemovePrivilege(TokenManipulator.SE_TAKE_OWNERSHIP_NAME);
        }
        return(ret);
    }