tis-audit-local-admins
70-10
Audite les administrateurs locaux

- package : tis-audit-local-admins
- name : Audit Local Admins
- version : 70-10
- categories : Security
- maintainer : WAPT Team,Tranquil IT,Simon Fonteneau,Jimmy PELÉ
- editor :
- licence :
- locale : all
- target_os : windows
- impacted_process :
- architecture : all
- signature_date : 2024-06-30 12:00
- size : 8.04 Ko
package : tis-audit-local-admins
version : 70-10
architecture : all
section : base
priority : optional
name : Audit Local Admins
categories : Security
maintainer : WAPT Team,Tranquil IT,Simon Fonteneau,Jimmy PELÉ
description : Audits local administrators
depends :
conflicts :
maturity : PROD
locale : all
target_os : windows
min_wapt_version : 2.3
sources :
installed_size :
impacted_process :
description_fr : Audite les administrateurs locaux
description_pl : Audyty lokalnych administratorów
description_de : prüft lokale Verwalter
description_es : Audita a los administradores locales
description_pt : Audita os administradores locais
description_it : Verifica gli amministratori locali
description_nl : Audits van lokale beheerders
description_ru : Проверяет локальных администраторов
audit_schedule : 2h
editor :
keywords :
licence :
homepage :
package_uuid : 92c687de-dd00-453e-8443-df376ed04d70
valid_from :
valid_until :
forced_install_on :
changelog :
min_os_version :
max_os_version :
icon_sha256sum : 4e424cf16b749d1dff5b232130000cd4b633399ee5dddce76f8d8a95117ae105
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature : CTh5fE6tcfzkJcf48G7Vto8QxzR6JXwRyEKdflNZrWODkkF26Z5ZqovFRqNJzu+IxUl528xgWyCxV/0Ade0dtdgsWyhs8+/72hQdv1zvp7eJBrCK1Y/bAqER1Uma7zs0OH+6gwt9n1CI09bM2Qi7sYET1CTGw6OnQErBqtTiGl2D/c1abGOHimCcT7wJBe9Vx3x0uAvt1SnOkqssEIpW3p9tpwQ4DfyHOY2gDAPyrnMa0OfjmEZu1+RHi5obKT1+k6G8XHqWI+l0mDtJJPFOjOOEXup6tWIXIM0+Nt+DFSSa9+713+TsK9kKEeJ8HeTk7jM6VLjQdRtsYvVjvPkIjA==
signature_date : 2024-06-30T12:00:42.531700
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,min_os_version,max_os_version,icon_sha256sum,signer,signer_fingerprint,signature_date,signed_attributes
# -*- coding: utf-8 -*-
from setuphelpers import *
import win32security
import win32net
import os
# Path of the JSON cache mapping SIDs to names; audit() sets it once the
# WAPT install location is known.
audit_local_admins = None
# Domain name taken from the USERDOMAIN environment variable (a missing
# variable raises KeyError at import time).
domain_name = os.environ["USERDOMAIN"]
# Accounts allowed in the local Administrators group besides the built-in
# Administrator account and Domain Admins; audit() compares them
# case-insensitively in "DOMAIN\\name" form.
allowed_admins_list = [
    get_computername() + "\\tisadmin",
    domain_name + "\\tis-adm",
]
# SID -> name resolution results shared by get_name_with_sid() and
# get_domain_sid(), persisted to audit_local_admins by audit().
dict_sid_name = {}
def install():
    """Nothing to deploy: this package only provides the audit() hook."""
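def audit():
    """Audit the members of the local Administrators group.

    The allow-list is built from: the built-in local Administrator
    account (RID 500 of the machine SID), a bare ``DOMAIN\\`` entry,
    the Domain Admins group (RID 512 of the domain SID, only when a
    domain controller can be reached) and the package-level
    ``allowed_admins_list``. Every member returned by
    ``local_group_members`` for the local Administrators group
    (well-known SID S-1-5-32-544) is compared against it
    case-insensitively and reported through
    ``WAPT.write_audit_data_if_changed`` as allowed or unallowed.

    Returns:
        "OK" when every member is allowed, "ERROR" when at least one is
        not, or when the computer name exceeds 15 characters (the short
        name lookups below presumably need the NetBIOS form — confirm).
    """
    global dict_sid_name, audit_local_admins
    computer_name = get_computername()
    if len(computer_name) > 15:
        print("Computer name longer than 15 characters.")
        return "ERROR"

    audit_local_admins = makepath(
        install_location("WAPT_is1"), "private", "persistent", control.package_uuid, "audit-local-admins-cache.json"
    )
    # The on-disk cache is best-effort: when it is missing or unreadable,
    # name resolution simply has nothing to fall back on. A non-dict
    # payload is discarded as well so the lookups below cannot fail on it.
    try:
        dict_sid_name = cache_info()
    except Exception:
        dict_sid_name = {}
    if not isinstance(dict_sid_name, dict):
        dict_sid_name = {}

    # Localized name of the local Administrators group (BUILTIN\Administrators).
    name_group_admin = get_name_with_sid("S-1-5-32-544")
    # Built-in local Administrator account: RID 500 under the machine SID.
    machine_sid = win32security.ConvertSidToStringSid(win32net.NetUserModalsGet(computer_name, 2)["domain_id"])
    local_administrator = str(computer_name + "\\" + get_name_with_sid(machine_sid + "-500")).lower()
    # The bare "DOMAIN\" entry only matches a member rendered as exactly that
    # prefix; kept as in the original allow-list.
    allow_admin = [local_administrator, domain_name.lower() + "\\"]
    # Domain Admins (RID 512) requires a reachable domain controller or a
    # cached resolution. error() is setuphelpers' failure helper; if it
    # raises, the audit aborts here instead of reporting a partial
    # allow-list as authoritative — confirm against setuphelpers.
    try:
        domain_admins_name = get_name_with_sid("%s-512" % get_domain_sid())
        allow_admin.append(("%s\\%s" % (domain_name, domain_admins_name)).lower())
    except Exception as e:
        print("Domain controllers are unavailable?")
        error(e)
    # Package-level allow-list, compared case-insensitively.
    allow_admin.extend(entry.lower() for entry in allowed_admins_list)
    # Persist the resolutions gathered so far so an offline run can still
    # map SIDs to names.
    json_write_file(audit_local_admins, dict_sid_name)

    listerror = []
    admins_users = local_group_members(name_group_admin)
    admins_dict = {"unallowed": {}, "allowed": {}}
    # NOTE(review): members are compared one by one; if local_group_members
    # does not expand nested groups, admin rights obtained through a nested
    # group are not detected here — confirm.
    for user in admins_users:
        parts = user.split("\\")
        domain, username = parts[0], parts[-1]
        if user.lower() in allow_admin:
            bucket = "allowed"
        else:
            bucket = "unallowed"
            listerror.append(user)
        admins_dict[bucket].setdefault(domain, []).append(username)
    print("ADMINS LIST : %s" % ",".join(admins_users))  # Allowed users in admin list:
    if listerror:
        print("UNALLOWED ADMINS LIST : %s" % ",".join(listerror))  # Bad users in admin list:
    WAPT.write_audit_data_if_changed("audit-local-admins", "audit-local-admins", admins_dict)
    return "ERROR" if listerror else "OK"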
def cache_info():
    """Load the persisted SID->name cache from ``audit_local_admins``.

    Propagates whatever ``json_load_file`` raises when the file is missing
    or unreadable; audit() treats that as an empty cache.
    """
    cache_path = audit_local_admins
    return json_load_file(cache_path)
# Get Name With SID
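def get_name_with_sid(osid):
    """Resolve a textual SID to an account name, remembering the answer.

    Args:
        osid: SID in string form (e.g. "S-1-5-32-544").

    Returns:
        The name reported by ``LookupAccountSid``. On lookup failure the
        value previously cached in ``dict_sid_name`` for this SID is
        returned instead; with no cached value, ``error()`` is called with
        a diagnostic (and None is returned if it does not raise).

    A successful lookup is stored in the module-level ``dict_sid_name`` so
    audit() can persist it for offline runs.
    """
    global dict_sid_name
    try:
        binary_sid = win32security.GetBinarySid(osid)
        name, _domain, _typ = win32security.LookupAccountSid(wincomputername(), binary_sid)
        dict_sid_name[osid] = name
        return name
    # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit are
    # no longer swallowed; pywin32 lookup errors derive from Exception.
    except Exception:
        if osid in dict_sid_name:
            return dict_sid_name[osid]
        error("Failed name resolution for %s" % osid)
        return None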
# Find the domain SID
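def get_domain_sid():
    """Return the domain SID as a string, asking a domain controller.

    The SID is read from the ``domain_id`` modal of the DC returned by
    ``NetGetDCName`` and cached in ``dict_sid_name`` under the key
    "get_domain_sid". When the DC query fails, the cached value is returned
    if present; otherwise ``error()`` is called with a diagnostic (and None
    is returned if it does not raise).
    """
    global dict_sid_name
    try:
        modals = win32net.NetUserModalsGet(win32net.NetGetDCName(), 2)
        sid_text = win32security.ConvertSidToStringSid(modals["domain_id"])
        dict_sid_name["get_domain_sid"] = sid_text
        return sid_text
    # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit are
    # no longer swallowed; pywin32 network errors derive from Exception.
    except Exception:
        if "get_domain_sid" in dict_sid_name:
            return dict_sid_name["get_domain_sid"]
        error("Domain SID is not available")
        return None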
ba3b62e93745c7a25801b6b07aea096e0f93411a1f13beae6c7349ad48bf9cc3 : setup.py
4e424cf16b749d1dff5b232130000cd4b633399ee5dddce76f8d8a95117ae105 : WAPT/icon.png
a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf : WAPT/certificate.crt
085a02c183245ce26e3201fbec46e85d1760588e07913448e031299e275c2d12 : luti.json
3db80853e3b6c49603d655372b807b0ca329d297e24450014fc12420655f6b2e : WAPT/control