public int UpdateAppCtrlRule(Client client, AppCtrlRule rule) { lock (client.SyncAccess) { return(server.UpdateAppCtrlRule(client, rule)); } }
public AuxiliarForm(AuxFormType formType, AppCtrlRule appRule) { this.appRule = appRule; this.formType = formType; Result = AuxFormResult.Canceled; InitializeComponent(); CreateFields(); }
public int UpdateAppCtrlRule(Client client, AppCtrlRule rule) { soc.SendDWORD(client.Socket, (int)IceServerCommand.UpdateAppCtrlRule); soc.SendDWORD(client.Socket, rule.RuleID); soc.SendDWORD(client.Socket, (int)rule.ProcessPathMatcher); soc.SendString(client.Socket, rule.ProcessPath); soc.SendDWORD(client.Socket, rule.PID); soc.SendDWORD(client.Socket, (int)rule.ParentPathMatcher); soc.SendString(client.Socket, rule.ParentPath); soc.SendDWORD(client.Socket, rule.ParentPID); soc.SendDWORD(client.Socket, (int)rule.Verdict); IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket); if (cmdResult != IceServerCommandResult.Success) { throw new Exception("Failed to Update AppCtrl Rule " + rule.RuleID + " for client " + client.Name); } return(1); }
private void btnUpdate_Click(object sender, EventArgs e) { ListView lv = tabControl.SelectedIndex == 0 ? listAppRules : listFSRules; int selectedIndex = tabControl.SelectedIndex; Client client = clients[listClients.SelectedIndices[0]]; AuxiliarForm auxForm; AppCtrlRule appRule = new AppCtrlRule(); FSRule fsRule = new FSRule(); if (selectedIndex == 0) { appRule = client.AppCtrlRules[listAppRules.SelectedIndices[0]]; auxForm = new AuxiliarForm(selectedIndex == 0 ? AuxFormType.UpdateAppCtrl : AuxFormType.UpdateFSScan, appRule); } else { fsRule = client.FSRules[listFSRules.SelectedIndices[0]]; auxForm = new AuxiliarForm(selectedIndex == 0 ? AuxFormType.UpdateAppCtrl : AuxFormType.UpdateFSScan, fsRule); } auxForm.Text = selectedIndex == 0 ? "Update Application Control Rule" : "Update File System Scan Rule"; auxForm.ShowDialog(); if (auxForm.Result != AuxFormResult.Completed) { return; } string[] values = auxForm.Values; if (selectedIndex == 0) { UpdateAppCtrlRule(values, appRule.RuleID); } else { UpdateFSScanRule(values, fsRule.RuleID); } }
/****************************************************************/ /* Public function */ /****************************************************************/ public AppCtrlRule[] GetAppCtrlRules(Client client) { soc.SendDWORD(client.Socket, (int)IceServerCommand.GetAppCtrlRules); IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket); if (cmdResult != IceServerCommandResult.Success) { throw new Exception("Failed to get AppCtrl Rules for client " + client.Name); } int len = soc.RecvDWORD(client.Socket); if (len == 0) { return(new AppCtrlRule[0]); } AppCtrlRule[] appRules = new AppCtrlRule[len]; for (int i = 0; i < len; i++) { appRules[i] = new AppCtrlRule(); appRules[i].RuleID = soc.RecvDWORD(client.Socket); appRules[i].ProcessPathMatcher = (IceStringMatcher)soc.RecvDWORD(client.Socket); appRules[i].ProcessPath = soc.RecvString(client.Socket); appRules[i].PID = soc.RecvDWORD(client.Socket); appRules[i].ParentPathMatcher = (IceStringMatcher)soc.RecvDWORD(client.Socket); appRules[i].ParentPath = soc.RecvString(client.Socket); appRules[i].ParentPID = soc.RecvDWORD(client.Socket); appRules[i].Verdict = (IceScanVerdict)soc.RecvDWORD(client.Socket); appRules[i].AddTime = soc.RecvDWORD(client.Socket); } client.AppCtrlRules = appRules; return(appRules); }
public int AddAppCtrlRule(Client client, AppCtrlRule rule) { soc.SendDWORD(client.Socket, (int)IceServerCommand.AddAppCtrlRule); soc.SendDWORD(client.Socket, (int)rule.ProcessPathMatcher); soc.SendString(client.Socket, rule.ProcessPath); soc.SendDWORD(client.Socket, rule.PID); soc.SendDWORD(client.Socket, (int)rule.ParentPathMatcher); soc.SendString(client.Socket, rule.ParentPath); soc.SendDWORD(client.Socket, rule.ParentPID); soc.SendDWORD(client.Socket, (int)rule.Verdict); IceServerCommandResult cmdResult = (IceServerCommandResult)soc.RecvDWORD(client.Socket); if (cmdResult != IceServerCommandResult.Success) { throw new Exception("Failed to Add AppCtrl Rule for client " + client.Name); } int ruleId = soc.RecvDWORD(client.Socket); log.Info("AppCtrl rule was added: " + ruleId); return(ruleId); }
private void UpdateAppCtrlRule(string[] values, int ruleID) { try { Client client = clients[listClients.SelectedIndices[0]]; AppCtrlRule rule = new AppCtrlRule(); rule.RuleID = ruleID; rule.ProcessPathMatcher = values[0].Equals("Equal") ? IceStringMatcher.Equal : IceStringMatcher.Wildmat; rule.ProcessPath = values[1]; rule.PID = int.Parse(values[2]); rule.ParentPathMatcher = values[3].Equals("Equal") ? IceStringMatcher.Equal : IceStringMatcher.Wildmat; rule.ParentPath = values[4]; rule.ParentPID = int.Parse(values[5]); rule.Verdict = values[6].Equals("Allow") ? IceScanVerdict.Allow : IceScanVerdict.Deny; BackgroundWorker bw = new BackgroundWorker(); bw.DoWork += new DoWorkEventHandler((object sender2, DoWorkEventArgs e2) => { e2.Result = ctrl.UpdateAppCtrlRule(client, rule); }); bw.RunWorkerCompleted += new RunWorkerCompletedEventHandler((object sender2, RunWorkerCompletedEventArgs e2) => { if (e2.Error != null) { MessageBox.Show(e2.Error.Message, "Error"); return; } BackgroundWorker bw2 = new BackgroundWorker(); bw2.DoWork += new DoWorkEventHandler((object sender3, DoWorkEventArgs e3) => { e3.Result = ctrl.GetAppCtrlRules(client); }); bw2.RunWorkerCompleted += new RunWorkerCompletedEventHandler((object sender3, RunWorkerCompletedEventArgs e3) => { if (e3.Error != null) { MessageBox.Show(e3.Error.Message, "Error"); return; } SetAppCtrlRulesList(e3.Result as AppCtrlRule[]); }); bw2.RunWorkerAsync(); //int ruleId = (int)e2.Result; MessageBox.Show(string.Format("AppCtrl rule with id {0} was updated with success.", ruleID), "Success"); }); bw.RunWorkerAsync(); } catch (Exception ex) { MessageBox.Show(ex.Message, "Error"); } }