tis-audit-bitlocker

10.0-10
Audits TPM capabilities and whether drive C: is protected with BitLocker

  Description 

  • package : tis-audit-bitlocker
  • version : 10.0-10
  • architecture : all
  • categories : Security
  • maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ,Hübert TOUVET
  • description : Auditing TPM capabilities and if the drive C: is protected with BitLocker
  • locale :
  • target_os : windows
  • min_wapt_version : 1.8
  • sources :
  • installed_size :
  • impacted_process :
  • description_fr :
  • description_pl :
  • description_de :
  • description_es :
  • description_pt :
  • description_it :
  • description_nl :
  • description_ru :
  • editor :
  • licence :
  • signature_date : 2021-06-24T11:42:36.231085
  • Depends :

  Setup.py 

# -*- coding: utf-8 -*-
from setuphelpers import *
#from typing import Awaitable
#import wmi
#import pprint


def install():
    """Do nothing at install time; this package only provides the audit() hook."""
    return None


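def audit():
    """Audit the TPM state and the BitLocker protection of the local volumes.

    Steps, in order:
      1. Query ``Get-Tpm``. A missing TPM returns "ERROR" immediately; a TPM
         that is present but not ready raises the result to "WARNING".
      2. List the BitLocker mount points, skipping unknown ('?') volumes and
         removable drives.
      3. For each remaining volume, test whether the key protector at index 1
         exposes a recovery password, then back that protector up with
         ``Backup-BitLockerKeyProtector``.
      4. Flag every volume whose ProtectionStatus is 0 as an error.

    NOTE: this hook is not read-only. Step 3 issues a key-protector backup
    (announced as "Storing recovery key to AD") every time the audit runs.

    Returns:
        "ERROR" if the TPM is absent or a volume is unprotected, "WARNING" if
        the TPM is not ready or a recovery-key query/backup failed, else "OK".
    """
    return_warning = False
    return_error = False

    # An earlier WMI-based variant (Win32_EncryptableVolume), kept in the file
    # as dead string literals, was dropped in favour of Get-BitLockerVolume.

    res_tpm = run_powershell("Get-Tpm")
    # Truthiness test: a missing/None TpmPresent is reported as "no TPM"
    # instead of falling through to the OK branch.
    if not res_tpm['TpmPresent']:
        print("ERROR: No TPM chip found on this system")
        return "ERROR"
    print("OK: TPM chip found on this system")
    if res_tpm['TpmReady']:
        print('OK: TPM chip ready')
    else:
        print("WARNING: TPM chip not ready")
        return_warning = True

    # Build the filtered list instead of calling remove() on the list being
    # iterated: removing during iteration skips the element that follows each
    # removed one, so some volumes were never filtered.
    mountpoint_list = []
    for candidate in ensure_list(run_powershell('(Get-BitLockerVolume).MountPoint')):
        if '?' in candidate:
            print("INFO: An unknow volume has been detected and will be skipped (%s)" % candidate)
            # Do not pass a volume path to Get-Volume -DriveLetter below.
            continue
        if run_powershell('Get-Volume -DriveLetter %s | Where-Object DriveType -EQ Removable' % candidate.replace(':', '')):
            continue
        mountpoint_list.append(candidate)

    # Track recovery-key presence per volume. The original tested a single
    # variable after the loop, which reflected only the last volume and was
    # unbound (NameError) when the list was empty or the first query failed.
    mountpoints_with_key = []
    for mountpoint in mountpoint_list:
        try:
            # The recovery password is a secret: only its presence is tested
            # here and it must never be printed or logged.
            # NOTE(review): index 1 assumes the recovery-password protector is
            # the second entry; selecting on KeyProtectorType would not depend
            # on protector order - confirm against the fleet's configuration.
            recovery_key = run_powershell('(Get-BitLockerVolume -MountPoint "{}").KeyProtector[1].RecoveryPassword'.format(mountpoint))
        except Exception:
            print("WARNING: Failed to recover {} mountpoint key".format(mountpoint))
            return_warning = True
            continue
        if recovery_key:
            print("OK: {} recovery key found".format(mountpoint))
            mountpoints_with_key.append(mountpoint)

    if mountpoints_with_key:
        print("Storing recovery key to AD")
        for mountpoint in mountpoints_with_key:
            try:
                key_protectorid = run_powershell('(Get-BitLockerVolume -MountPoint "{}").KeyProtector[1].KeyProtectorId'.format(mountpoint))
                run_powershell('Backup-BitLockerKeyProtector -MountPoint "{}" -KeyProtectorId "{}"'.format(mountpoint, key_protectorid))
            except Exception:
                print("WARNING: Failed to store recovery key to AD: {}".format(mountpoint))
                return_warning = True

    for mountpoint in mountpoint_list:
        # NOTE(review): only status 0 is treated as an error; any other value
        # (presumably including an "unknown" status) is reported as enabled -
        # confirm this is the intended policy.
        if run_powershell('Get-BitLockerVolume -MountPoint "%s" | Select-Object -ExpandProperty ProtectionStatus' % mountpoint) == 0:
            print("ERROR: BitLocker is disable on %s Drive" % mountpoint)
            return_error = True
        else:
            print("OK: BitLocker is enable on %s Drive" % mountpoint)

    if return_error:
        return "ERROR"

    if return_warning:
        return "WARNING"

    return "OK"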


def update_package():
    """Do nothing; no automated package-update logic is defined here."""
    return None




										

  Changelog 



No changelog.txt.
									
  manifest.sha256