public SectionDetails GetScore() { SectionDetails details = new SectionDetails(0, new List <string>(), this); SecurityPolicyManager.GetAuditPolicy(); // Loop over every audit configuration foreach (KeyValuePair <string, ScoredItem <EAuditSettings> > config in ConfigPolicy.HeaderSettingPairs) { // If not scored, skip if (!config.Value.IsScored) { continue; } // Loop over every system audit setting foreach (KeyValuePair <string, POLICY_AUDIT_EVENT> systemSetting in SystemPolicy.HeaderSettingPairs) { // Check if config and system setting are of the same policy if (config.Key == systemSetting.Key) { // Check if integer casted values are equal if ((int)config.Value.Value == (int)systemSetting.Value) { // Setting is properly configured details.Points++; details.Output.Add(ConfigurationManager.Translate("AuditPolicy", config.Key, AuditSettingFormat[config.Value.Value])); } } } } return(details); }
public SectionDetails GetScore() { SectionDetails details = new SectionDetails(0, new List <string>(), this); SecurityPolicyManager.GetLockoutPolicy(); if (ConfigPolicy.AccountLockoutDuration.IsScored && ConfigPolicy.AccountLockoutDuration.Value.WithinBounds(SystemPolicy.AccountLockoutDuration)) { details.Points++; details.Output.Add(TranslationManager.Translate("AccountLockoutDuration", SystemPolicy.AccountLockoutDuration)); } if (ConfigPolicy.AccountLockoutThreshold.IsScored && ConfigPolicy.AccountLockoutThreshold.Value.WithinBounds(SystemPolicy.AccountLockoutThreshold)) { details.Points++; details.Output.Add(TranslationManager.Translate("AccountLockoutThreshold", SystemPolicy.AccountLockoutThreshold)); } if (ConfigPolicy.ResetLockoutCounterAfter.IsScored && ConfigPolicy.ResetLockoutCounterAfter.Value.WithinBounds(SystemPolicy.ResetLockoutCounterAfter)) { details.Points++; details.Output.Add(TranslationManager.Translate("ResetLockoutCounterAfter", SystemPolicy.ResetLockoutCounterAfter)); } return(details); }
public static List <SectionDetails> CheckScores() { List <SectionDetails> details = new List <SectionDetails>(); // Get information we use from secedit for use in sections SecurityPolicyManager.GetSeceditInfo(); // Reset max score MaxScore = 0; // Enumerate all scoring sections foreach (ISection section in ScoringSections) { // Get max score int maxScore = section.MaxScore(); // Optimization: Check if anything is scored, skip if not if (maxScore == 0) { continue; } // Increment total max score by section's MaxScore += maxScore; // Get scoring details for specific section SectionDetails sectionScore = section.GetScore(); // Add details to list details.Add(sectionScore); } return(details); }
public SectionDetails GetScore() { SectionDetails details = new SectionDetails(0, new List <string>(), this); SecurityPolicyManager.GetPasswordPolicy(); if (ConfigPolicy.EnforcePasswordHistory.IsScored && ConfigPolicy.EnforcePasswordHistory.Value.WithinBounds(SystemPolicy.EnforcePasswordHistory)) { details.Points++; details.Output.Add(TranslationManager.Translate("EnforcePasswordHistory", SystemPolicy.EnforcePasswordHistory)); } if (ConfigPolicy.MaxPasswordAge.IsScored && ConfigPolicy.MaxPasswordAge.Value.WithinBounds(SystemPolicy.MaximumPasswordAge)) { details.Points++; details.Output.Add(TranslationManager.Translate("MaxPasswordAge", SystemPolicy.MaximumPasswordAge)); } if (ConfigPolicy.MinPasswordAge.IsScored && ConfigPolicy.MinPasswordAge.Value.WithinBounds(SystemPolicy.MinimumPasswordAge)) { details.Points++; details.Output.Add(TranslationManager.Translate("MinPasswordAge", SystemPolicy.MinimumPasswordAge)); } if (ConfigPolicy.MinPasswordLength.IsScored && ConfigPolicy.MinPasswordLength.Value.WithinBounds(SystemPolicy.MinimumPasswordLength)) { details.Points++; details.Output.Add(TranslationManager.Translate("MinPasswordLength", SystemPolicy.MinimumPasswordLength)); } string[] readableNames = new string[] { TranslationManager.Translate("Disabled"), TranslationManager.Translate("Enabled") }; if (ConfigPolicy.PasswordComplexity.IsScored && ConfigPolicy.PasswordComplexity.Value == SystemPolicy.PasswordComplexity) { details.Points++; details.Output.Add(TranslationManager.Translate("PasswordComplexity", readableNames[SystemPolicy.PasswordComplexity])); } if (ConfigPolicy.ReversibleEncryption.IsScored && ConfigPolicy.ReversibleEncryption.Value == SystemPolicy.ReversibleEncryption) { details.Points++; details.Output.Add(TranslationManager.Translate("ReversibleEncryption", readableNames[SystemPolicy.ReversibleEncryption])); } return(details); }
public static List <SectionDetails> CheckScores() { List <SectionDetails> details = new List <SectionDetails>(); // Get information we use from secedit for use in sections SecurityPolicyManager.GetSeceditInfo(); // Reset max score MaxScore = 0; // Enumerate all scoring sections foreach (ISection section in ScoringSections) { // Get max score int maxScore = section.MaxScore(); // Optimization: Check if anything is scored, skip if not if (maxScore == 0) { continue; } // Increment total max score by section's MaxScore += maxScore; try { // Get scoring details for specific section SectionDetails sectionScore = section.GetScore(); // Add details to list details.Add(sectionScore); } catch (Exception ex) { EventLog.WriteEntry(".NET Runtime", ex.ToString(), EventLogEntryType.Error, 1026); } } return(details); }
public static WSSecurityPolicy GetSecurityPolicyDriver(MessageSecurityVersion version) { SecurityPolicyManager policyManager = new SecurityPolicyManager(); return policyManager.GetSecurityPolicyDriver(version); }
public static bool TryGetSecurityPolicyDriver(ICollection<XmlElement> assertions, out WSSecurityPolicy securityPolicy) { SecurityPolicyManager policyManager = new SecurityPolicyManager(); return policyManager.TryGetSecurityPolicyDriver(assertions, out securityPolicy); }
public SectionDetails GetScore() { SectionDetails details = new SectionDetails(0, new List <string>(), this); SecurityPolicyManager.GetUserRightsAssignment(); // For each config definition foreach (UserRightsDefinition definition in UserRightsDefinitions) { // Create copy of dictionary. Uses more memory but optimizes // checking as we can remove user rights after checking them Dictionary <string, List <SecurityIdentifier> > tempDict = new Dictionary <string, List <SecurityIdentifier> >(SystemPolicy.UserRightsSetting); string foundUserRights = null; bool configCorrect = true; // For each retrieved system user rights definition foreach (KeyValuePair <string, List <SecurityIdentifier> > userRights in tempDict) { // Check if config and system define the same user rights if (definition.ConstantName != userRights.Key) { continue; } foundUserRights = definition.ConstantName; // If config and user rights identifiers count do not match, // it is incorrectly configured. Break the loop and set as incorrect if (definition.Identifiers.Count != userRights.Value.Count) { configCorrect = false; break; } // Loop over sids first so we're not converting // identifiers to usernames multiple times for each foreach (SecurityIdentifier identifier in userRights.Value) { // Cache name to be compared with later checked identifiers string name = null; bool foundIdentifier = false; foreach (UserRightsIdentifier cfgId in definition.Identifiers) { switch (cfgId.Type) { case EUserRightsIdentifierType.Name: // If name has not been found yet, retrieve it if (name == null) { name = GetNameFromSID(identifier); } // If name and config name match, match is found if (name == cfgId.Identifier) { foundIdentifier = true; // Save name for possible output cfgId.Name = name; } break; case EUserRightsIdentifierType.SecurityID: // If Security IDs match, match is found if (identifier.MatchesConfig(cfgId.Identifier)) { foundIdentifier = true; // If name has not been found yet, retrieve it if (name == null) { name = GetNameFromSID(identifier); } // Save name for possible output cfgId.Name = name; } break; } // If we found the match, break the loop // as there is no need to keep searching if (foundIdentifier) { break; } } // If no match was found, the config and // system config do not match, break the loop if (!foundIdentifier) { configCorrect = false; break; } } // If process got here, // break the loop as a match was found break; } // If user rights was found if (foundUserRights != null) { // If configured correctly, increment points and give output if (configCorrect) { // Create list for every name, used to give user the proper output IEnumerable <string> names = definition.Identifiers.Select(x => x.Name); details.Points++; details.Output.Add(TranslationManager.Translate("UserRights", definition.Setting, string.Join(TranslationManager.Translate("Delimiter"), names))); } tempDict.Remove(foundUserRights); } } return(details); }