tis-audit-bitlocker
10.0-10
Audits TPM capabilities and whether drive C: is protected with BitLocker

Description
- package : tis-audit-bitlocker
- version : 10.0-10
- architecture : all
- categories : Security
- maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ,Hübert TOUVET
- description : Audits TPM capabilities and whether drive C: is protected with BitLocker
- locale :
- target_os : windows
- min_wapt_version : 1.8
- sources :
- installed_size :
- impacted_process :
- description_fr :
- description_pl :
- description_de :
- description_es :
- description_pt :
- description_it :
- description_nl :
- description_ru :
- editor :
- licence :
- signature_date : 2021-06-24T11:42:36.231085
- Depends :
Setup.py
# -*- coding: utf-8 -*-
from setuphelpers import *
#from typing import Awaitable
#import wmi
#import pprint
def install():
    """No-op: this package only audits, it installs nothing."""
    return None
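def audit():
    """Audit the TPM and the BitLocker protection of every fixed volume.

    Steps:
      1. ``Get-Tpm``: no TPM chip is a hard failure (returns "ERROR"
         immediately); a chip that is present but not ready is a warning.
      2. For every BitLocker-managed volume that has a drive letter and is
         not removable: check that a RecoveryPassword key protector exists
         (warning if missing) and escrow it to Active Directory with
         ``Backup-BitLockerKeyProtector`` (warning on failure). This is the
         audit's only side effect.
      3. For the same volumes: ``ProtectionStatus`` must be On (1). Off (0),
         Unknown (2) and an empty result are all reported as errors, so an
         unreadable status never passes as protected.

    Only the protector id is queried; the recovery password value itself is
    never fetched or printed by this audit.

    Returns:
        "ERROR" when the TPM is missing or a volume is not protected,
        "WARNING" when only non-fatal findings were raised, "OK" otherwise.
    """
    # An earlier WMI-based variant (Win32_EncryptableVolume) was retired in
    # favour of the BitLocker cmdlets.
    return_warning = False
    return_error = False

    res_tpm = run_powershell("Get-Tpm")
    # A missing or unparseable Get-Tpm result is treated like an absent chip
    # (fail closed) instead of raising on the dict lookup.
    if not res_tpm or not res_tpm.get('TpmPresent'):
        print("ERROR: No TPM chip found on this system")
        return "ERROR"
    print("OK: TPM chip found on this system")
    if res_tpm.get('TpmReady'):
        print('OK: TPM chip ready')
    else:
        print("WARNING: TPM chip not ready")
        return_warning = True

    mountpoint_list = _fixed_mountpoints()

    # Recovery protector lookup and AD escrow are done per volume, so a
    # failure on one volume neither skips nor hides the others.
    for mountpoint in mountpoint_list:
        try:
            key_protectorid = _recovery_protector_id(mountpoint)
        except Exception as e:
            print("WARNING: Failed to recover {} mountpoint key ({})".format(mountpoint, e))
            return_warning = True
            continue
        if not key_protectorid:
            # No RecoveryPassword protector means nothing can be escrowed.
            print("WARNING: no recovery password protector found on {}".format(mountpoint))
            return_warning = True
            continue
        print("OK: {} recovery key found".format(mountpoint))
        print("Storing recovery key to AD")
        try:
            run_powershell('Backup-BitLockerKeyProtector -MountPoint "{}" -KeyProtectorId "{}"'.format(mountpoint, key_protectorid))
        except Exception as e:
            print("WARNING: Failed to store recovery key to AD: {} ({})".format(mountpoint, e))
            return_warning = True

    for mountpoint in mountpoint_list:
        status = _protection_status(mountpoint)
        if status == 1:
            print("OK: BitLocker is enable on %s Drive" % mountpoint)
        elif status == 0:
            print("ERROR: BitLocker is disable on %s Drive" % mountpoint)
            return_error = True
        else:
            # None (no output) or 2 (Unknown): protection cannot be confirmed.
            print("ERROR: BitLocker protection status of %s Drive could not be determined (%r)" % (mountpoint, status))
            return_error = True

    if return_error:
        return "ERROR"
    if return_warning:
        return "WARNING"
    return "OK"


def _fixed_mountpoints():
    """Return the mount points of the BitLocker-managed volumes to audit.

    Volumes without a drive letter (GUID volume paths, reported with a '?')
    and removable drives are skipped. The result is built as a new list
    rather than pruned in place, so no entry is skipped by the iteration.
    """
    mountpoints = []
    for candidate in ensure_list(run_powershell('(Get-BitLockerVolume).MountPoint')):
        if '?' in candidate:
            print("INFO: An unknow volume has been detected and will be skipped (%s)" % candidate)
            continue
        # Only lettered volumes reach the Get-Volume query; '?' paths are
        # not valid -DriveLetter values.
        drive_letter = candidate.replace(':', '')
        if run_powershell('Get-Volume -DriveLetter %s | Where-Object DriveType -EQ Removable' % drive_letter):
            continue
        mountpoints.append(candidate)
    return mountpoints


def _recovery_protector_id(mountpoint):
    """Return the KeyProtectorId of the RecoveryPassword protector on *mountpoint*.

    Returns None when the volume has no RecoveryPassword protector. The
    protector is selected by type rather than by position: a fixed
    ``KeyProtector[1]`` index only holds when the TPM protector happens to
    be listed first. The password value itself is deliberately not read.
    """
    return run_powershell(
        '(Get-BitLockerVolume -MountPoint "{}").KeyProtector'
        ' | Where-Object KeyProtectorType -EQ RecoveryPassword'
        ' | Select-Object -First 1 -ExpandProperty KeyProtectorId'.format(mountpoint))


def _protection_status(mountpoint):
    """Return the ProtectionStatus of *mountpoint* from Get-BitLockerVolume.

    Expected values: 0 = Off, 1 = On, 2 = Unknown; None when nothing was
    returned. Callers must not treat None or 2 as protected.
    """
    return run_powershell('Get-BitLockerVolume -MountPoint "%s" | Select-Object -ExpandProperty ProtectionStatus' % mountpoint)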
def update_package():
    """No-op: there is no upstream payload to refresh for this audit package."""
    return None