private void SetAllAuditEntitiesItemToNULL(fileauditedpermissions_item fileauditedpermissionsItem)
{
fileauditedpermissionsItem.access_system_security = null;
fileauditedpermissionsItem.file_append_data = null;
fileauditedpermissionsItem.file_delete_child = null;
fileauditedpermissionsItem.file_execute = null;
fileauditedpermissionsItem.file_read_attributes = null;
fileauditedpermissionsItem.file_read_data = null;
fileauditedpermissionsItem.file_read_ea = null;
fileauditedpermissionsItem.file_write_attributes = null;
fileauditedpermissionsItem.file_write_data = null;
fileauditedpermissionsItem.file_write_ea = null;
fileauditedpermissionsItem.generic_all = null;
fileauditedpermissionsItem.generic_execute = null;
fileauditedpermissionsItem.generic_read = null;
fileauditedpermissionsItem.generic_write = null;
fileauditedpermissionsItem.standard_delete = null;
fileauditedpermissionsItem.standard_read_control = null;
fileauditedpermissionsItem.standard_synchronize = null;
fileauditedpermissionsItem.standard_write_dac = null;
fileauditedpermissionsItem.standard_write_owner = null;
}
private ItemType[] CreateFakeItemTypes()
{
var newItemType = new fileauditedpermissions_item()
{
filepath = new EntityItemStringType() { Value = "c:\\temp\\file1.txt" },
trustee_sid = new EntityItemStringType() { Value = "S-1-1" }
};
return new ItemType[] { newItemType };
}
private void SetAllAuditEntitiesItemToEMPTY(fileauditedpermissions_item item)
{
item.access_system_security = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.file_append_data = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.file_delete_child = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.file_execute = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.file_read_attributes = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.file_read_data = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.file_read_ea = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.file_write_attributes = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.file_write_data = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.file_write_ea = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.generic_all = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.generic_execute = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.generic_read = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.generic_write = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.standard_delete = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.standard_read_control = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.standard_synchronize = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.standard_write_dac = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
item.standard_write_owner = OvalHelper.CreateAuditItemTypeWithValue(AuditEventStatus.EMPTY.ToString());
}
private void MapSACLsToFileAuditedPermissionsItem(
fileauditedpermissions_item collectedItem, IEnumerable<WMIWinACE> SACLs)
{
foreach (var sacl in SACLs)
{
sacl.CalculateFileAccessRightsFromAccessMask();
if (sacl.ACCESS_SYSTEM_SECURITY)
collectedItem.access_system_security.Value = sacl.AuditEventPolicy.ToString();
if (sacl.DELETE)
collectedItem.standard_delete.Value = sacl.AuditEventPolicy.ToString();
if (sacl.FILE_APPEND_DATA)
collectedItem.file_append_data.Value = sacl.AuditEventPolicy.ToString();
if (sacl.FILE_DELETE_CHILD)
collectedItem.file_delete_child.Value = sacl.AuditEventPolicy.ToString();
if (sacl.FILE_EXECUTE)
collectedItem.file_execute.Value = sacl.AuditEventPolicy.ToString();
if (sacl.FILE_READ_ATTRIBUTES)
collectedItem.file_read_attributes.Value = sacl.AuditEventPolicy.ToString();
if (sacl.FILE_READ_DATA)
collectedItem.file_read_data.Value = sacl.AuditEventPolicy.ToString();
if (sacl.FILE_READ_EA)
collectedItem.file_read_ea.Value = sacl.AuditEventPolicy.ToString();
if (sacl.FILE_WRITE_ATTRIBUTES)
collectedItem.file_write_attributes.Value = sacl.AuditEventPolicy.ToString();
if (sacl.FILE_WRITE_DATA)
collectedItem.file_write_data.Value = sacl.AuditEventPolicy.ToString();
if (sacl.FILE_WRITE_EA)
collectedItem.file_write_ea.Value = sacl.AuditEventPolicy.ToString();
if (sacl.GENERIC_ALL)
collectedItem.generic_all.Value = sacl.AuditEventPolicy.ToString();
if (sacl.GENERIC_EXECUTE)
collectedItem.generic_execute.Value = sacl.AuditEventPolicy.ToString();
if (sacl.GENERIC_READ)
collectedItem.generic_read.Value = sacl.AuditEventPolicy.ToString();
if (sacl.GENERIC_WRITE)
collectedItem.generic_write.Value = sacl.AuditEventPolicy.ToString();
if (sacl.READ_CONTROL)
collectedItem.standard_read_control.Value = sacl.AuditEventPolicy.ToString();
if (sacl.SYNCHRONIZE)
collectedItem.standard_synchronize.Value = sacl.AuditEventPolicy.ToString();
if (sacl.WRITE_DAC)
collectedItem.standard_write_dac.Value = sacl.AuditEventPolicy.ToString();
if (sacl.WRITE_OWNER)
collectedItem.standard_write_owner.Value = sacl.AuditEventPolicy.ToString();
}
}
private bool IsFilePathDefined(fileauditedpermissions_item fileAuditedPermissionsItem)
{
var filepathEntity = fileAuditedPermissionsItem.filepath;
return ((filepathEntity != null) && (!string.IsNullOrEmpty(filepathEntity.Value)));
}
private string GetCompleteFilepath(fileauditedpermissions_item fileAuditedPermissionsItem)
{
if (IsFilePathDefined(fileAuditedPermissionsItem))
return fileAuditedPermissionsItem.filepath.Value;
else
return Path.Combine(fileAuditedPermissionsItem.path.Value, fileAuditedPermissionsItem.filename.Value);
}
private void CreateFileAuditedPermissions53ItemType(fileauditedpermissions_item item, string filepath, string trusteeSID)
{
var defaultAuditEntityStatus = AuditEventStatus.AUDIT_NONE.ToString();
item.filepath = OvalHelper.CreateItemEntityWithStringValue(filepath);
item.path = OvalHelper.CreateItemEntityWithStringValue(Path.GetDirectoryName(filepath));
item.filename = OvalHelper.CreateItemEntityWithStringValue(Path.GetFileName(filepath));
item.trustee_sid = OvalHelper.CreateItemEntityWithStringValue(trusteeSID);
item.access_system_security = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.file_append_data = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.file_delete_child = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.file_execute = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.file_read_attributes = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.file_read_data = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.file_read_ea = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.file_write_attributes = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.file_write_data = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.file_write_ea = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.generic_all = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.generic_execute = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.generic_read = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.generic_write = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.standard_delete = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.standard_read_control = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.standard_synchronize = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.standard_write_dac = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
item.standard_write_owner = OvalHelper.CreateAuditItemTypeWithValue(defaultAuditEntityStatus);
}