gposec

package
v0.5.0 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 28, 2024 License: MPL-2.0 Imports: 10 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ListSectionGeneratorMap = map[string]interface{}{
	"password_policies": WritePasswordPolicies,
	"account_lockout":   WriteAccountLockout,
	"kerberos_policy":   WriteKerberosPolicy,
	"system_log":        WriteSystemLog,
	"audit_log":         WriteAuditLog,
	"application_log":   WriteApplicationLog,
	"event_audit":       WriteEventAudit,
}

ListSectionGeneratorMap maps a schema name to a function that populates the corresponding SecuritySettings fields with resource data.

var SetSectionGeneratorMap = map[string]interface{}{
	"restricted_groups": NewRestrictedGroupsFromResource,
	"registry_values":   NewRegistryValuesFromResource,
	"system_services":   NewSystemServicesFromResource,
	"registry_keys":     NewRegistryKeysFromResource,
	"filesystem":        NewFileSystemFromResource,
}

SetSectionGeneratorMap maps a schema name to a function that returns an INI section from resource data. The difference from the map above is that this one deals with schema elements that are Sets instead of Lists and therefore require different handling.

var SetSectionParserMap = map[string]interface{}{
	"Service General Setting": LoadSystemServicesFromIni,
	"Group Membership":        LoadRestrictedGroupsFromIni,
	"Registry Keys":           LoadRegistryKeysFromIni,
	"Registry Values":         LoadRegistryValuesFromIni,
	"File Security":           LoadFileSystemFromIni,
}

SetSectionParserMap maps INI section names to functions that parse the sections and populate the relevant SecuritySettings fields. The sections not included in this map are handled by ini.MapTo().

Functions

func HandleSectionRead

func HandleSectionRead(schemaKeys []string, hostData *SecuritySettings, d *schema.ResourceData) error

HandleSectionRead handles all the logic behind the provider's Read() method. For the purposes of this function, a "section" is one of the blocks in the resource's configuration, and "hostData" is the Go structure representing the data parsed from the .inf file downloaded from the host.

func LoadFileSystemFromIni

func LoadFileSystemFromIni(sectionName string, iniFile *ini.File, cfg *SecuritySettings) error

LoadFileSystemFromIni loads the data from the related INI section inside the given SecuritySettings struct

func LoadRegistryKeysFromIni

func LoadRegistryKeysFromIni(sectionName string, iniFile *ini.File, cfg *SecuritySettings) error

LoadRegistryKeysFromIni loads the data from the related INI section inside the given SecuritySettings struct

func LoadRegistryValuesFromIni

func LoadRegistryValuesFromIni(sectionName string, iniFile *ini.File, cfg *SecuritySettings) error

LoadRegistryValuesFromIni loads the data from the related INI section inside the given SecuritySettings struct

func LoadRestrictedGroupsFromIni

func LoadRestrictedGroupsFromIni(sectionName string, iniFile *ini.File, cfg *SecuritySettings) error

LoadRestrictedGroupsFromIni loads the data from the related INI section inside the given SecuritySettings struct

func LoadSystemServicesFromIni

func LoadSystemServicesFromIni(sectionName string, iniFile *ini.File, cfg *SecuritySettings) error

LoadSystemServicesFromIni updates the given SecuritySettings struct with data parsed from the INI file

func UTFEncodeIniFile

func UTFEncodeIniFile(iniFile *ini.File) (*[]byte, error)

UTFEncodeIniFile returns a byte array containing the encoded version of a string. The string is encoded to UTF-16LE with a Byte Order Mark.

func WriteAccountLockout

func WriteAccountLockout(data interface{}, cfg *SecuritySettings) error

WriteAccountLockout populates an AccountLockout struct from resource data

func WriteApplicationLog

func WriteApplicationLog(data interface{}, cfg *SecuritySettings) error

WriteApplicationLog populates an ApplicationLog struct from resource data

func WriteAuditLog

func WriteAuditLog(data interface{}, cfg *SecuritySettings) error

WriteAuditLog populates an AuditLog struct from resource data

func WriteEventAudit

func WriteEventAudit(data interface{}, cfg *SecuritySettings) error

WriteEventAudit populates an EventAudit struct from resource data

func WriteKerberosPolicy

func WriteKerberosPolicy(data interface{}, cfg *SecuritySettings) error

WriteKerberosPolicy populates a KerberosPolicy struct from resource data

func WritePasswordPolicies

func WritePasswordPolicies(data interface{}, cfg *SecuritySettings) error

WritePasswordPolicies populates a PasswordPolicies struct from resource data

func WriteSystemLog

func WriteSystemLog(data interface{}, cfg *SecuritySettings) error

WriteSystemLog populates a SystemLog struct from resource data

Types

type AccountLockout

type AccountLockout struct {
	ForceLogoffWhenHourExpire string `ini:",omitempty" mapstructure:"force_logoff_when_hour_expire"`
	LockoutDuration           string `ini:",omitempty" mapstructure:"lockout_duration"`
	LockoutBadCount           string `ini:",omitempty" mapstructure:"lockout_bad_count"`
	ResetLockoutCount         string `ini:",omitempty" mapstructure:"reset_lockout_count"`
}

AccountLockout represents the account lockout section of the Security Settings GPO extension

func (*AccountLockout) SetResourceData

func (p *AccountLockout) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the AccountLockout field values

type ApplicationLog

type ApplicationLog struct {
	EventLogPolicy `ini:"Application Log,omitempty,squash"`
}

ApplicationLog represents the Application Log section of the Security Settings GPO extension

func (*ApplicationLog) SetResourceData

func (p *ApplicationLog) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the ApplicationLog field values

type AuditLog

type AuditLog struct {
	EventLogPolicy `ini:"Audit Log,omitempty,squash"`
}

AuditLog represents the Audit Log section of the Security Settings GPO extension

func (*AuditLog) SetResourceData

func (p *AuditLog) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the AuditLog field values

type EventAudit

type EventAudit struct {
	AuditAccountManage   string `ini:",omitempty" mapstructure:"audit_account_manage"`
	AuditDSAccess        string `ini:",omitempty" mapstructure:"audit_ds_access"`
	AuditAccountLogon    string `ini:",omitempty" mapstructure:"audit_account_logon"`
	AuditLogonEvents     string `ini:",omitempty" mapstructure:"audit_logon_events"`
	AuditObjectAccess    string `ini:",omitempty" mapstructure:"audit_object_access"`
	AuditPolicyChange    string `ini:",omitempty" mapstructure:"audit_policy_change"`
	AuditPrivilegeUse    string `ini:",omitempty" mapstructure:"audit_privilege_use"`
	AuditProcessTracking string `ini:",omitempty" mapstructure:"audit_process_tracking"`
	AuditSystemEvents    string `ini:",omitempty" mapstructure:"audit_system_events"`
}

EventAudit represents the event audit policies section of the Security Settings GPO extension

func (*EventAudit) SetResourceData

func (p *EventAudit) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the EventAudit field values

type EventLogPolicy

type EventLogPolicy struct {
	MaximumLogSize          string `ini:",omitempty" mapstructure:"maximum_log_size,omitempty"`
	AuditLogRetentionPeriod string `ini:",omitempty" mapstructure:"audit_log_retention_period,omitempty"`
	RetentionDays           string `ini:",omitempty" mapstructure:"retention_days,omitempty"`
	RestrictGuestAccess     string `ini:",omitempty" mapstructure:"restrict_guest_access,omitempty"`
}

EventLogPolicy is a structure that is embedded by the three identical structures SystemLog, AuditLog and ApplicationLog

func NewEventLogPolicy

func NewEventLogPolicy(data interface{}) (EventLogPolicy, error)

NewEventLogPolicy returns an EventLogPolicy structure populated from resource data

func (*EventLogPolicy) SetResourceData

func (p *EventLogPolicy) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the EventLogPolicy field values

type FileSystem

type FileSystem struct {
	Paths []string
}

FileSystem represents the File System section of the Security Settings GPO extension

func (*FileSystem) SetIniData

func (r *FileSystem) SetIniData(f *ini.File) error

SetIniData populates the INI file with data from this struct

func (*FileSystem) SetResourceData

func (r *FileSystem) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates the resource's fields for the given section using the struct's data.

type IniSetSection

type IniSetSection interface {
	SetIniData(*ini.File) error
}

IniSetSection is used when we need to treat all Set-typed schema elements the same way

func NewFileSystemFromResource

func NewFileSystemFromResource(data interface{}) (IniSetSection, error)

NewFileSystemFromResource returns a new struct based on the resource's values

func NewRegistryKeysFromResource

func NewRegistryKeysFromResource(data interface{}) (IniSetSection, error)

NewRegistryKeysFromResource returns a new struct based on the resource's values

func NewRegistryValuesFromResource

func NewRegistryValuesFromResource(data interface{}) (IniSetSection, error)

NewRegistryValuesFromResource returns a new struct based on the resource's values

func NewRestrictedGroupsFromResource

func NewRestrictedGroupsFromResource(data interface{}) (IniSetSection, error)

NewRestrictedGroupsFromResource returns a new struct based on the resource's values

func NewSystemServicesFromResource

func NewSystemServicesFromResource(data interface{}) (IniSetSection, error)

NewSystemServicesFromResource returns a new SystemServices structure populated with data from the resources.

type KerberosPolicy

type KerberosPolicy struct {
	MaxServiceAge        string `ini:",omitempty" mapstructure:"max_service_age"`
	MaxTicketAge         string `ini:",omitempty" mapstructure:"max_ticket_age"`
	MaxRenewAge          string `ini:",omitempty" mapstructure:"max_renew_age"`
	MaxClockSkew         string `ini:",omitempty" mapstructure:"max_clock_skew"`
	TicketValidateClient string `ini:",omitempty" mapstructure:"ticket_validate_client"`
}

KerberosPolicy represents the kerberos settings section of the Security Settings GPO extension

func (*KerberosPolicy) SetResourceData

func (p *KerberosPolicy) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the KerberosPolicy field values

type PasswordPolicies

type PasswordPolicies struct {
	MaximumPasswordAge    string `ini:",omitempty" mapstructure:"maximum_password_age"`
	MinimumPasswordAge    string `ini:",omitempty" mapstructure:"minimum_password_age"`
	MinimumPasswordLength string `ini:",omitempty" mapstructure:"minimum_password_length"`
	PasswordComplexity    string `ini:",omitempty" mapstructure:"password_complexity"`
	ClearTextPassword     string `ini:",omitempty" mapstructure:"clear_text_password"`
	PasswordHistorySize   string `ini:",omitempty" mapstructure:"password_history_size"`
}

PasswordPolicies represents the password policies section of the Security Settings GPO extension

func (*PasswordPolicies) SetResourceData

func (p *PasswordPolicies) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the PasswordPolicies field values

type RegistryKeys

type RegistryKeys struct {
	Keys []string
}

RegistryKeys represents the Registry Keys section of the Security Settings GPO extension

func (*RegistryKeys) SetIniData

func (r *RegistryKeys) SetIniData(f *ini.File) error

SetIniData populates the INI file with data from this struct

func (*RegistryKeys) SetResourceData

func (r *RegistryKeys) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates the resource's fields for the given section using the struct's data.

type RegistryValues

type RegistryValues struct {
	Values []string
}

RegistryValues is used to populate the Registry Values section of the inf file that is used by many GPO features to set values in the registry

func (*RegistryValues) SetIniData

func (r *RegistryValues) SetIniData(f *ini.File) error

SetIniData populates the INI file with data from this struct

func (*RegistryValues) SetResourceData

func (r *RegistryValues) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates the resource's fields for the given section using the struct's data.

type RestrictedGroup

type RestrictedGroup struct {
	GroupName    string
	GroupMembers string
	GroupParents string
}

RestrictedGroup represents a group that has its membership attributes managed by a GPO

type RestrictedGroups

type RestrictedGroups struct {
	Groups []RestrictedGroup `mapstructure:"omitempty"`
}

RestrictedGroups represents the Restricted Groups section of the Security Settings GPO extension

func (*RestrictedGroups) SetIniData

func (r *RestrictedGroups) SetIniData(f *ini.File) error

SetIniData populates the INI file with data from this struct

func (*RestrictedGroups) SetResourceData

func (r *RestrictedGroups) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the RestrictedGroups field values

type SecuritySettings

type SecuritySettings struct {
	Unicode
	Version
	*SystemAccess     `ini:"System Access,omitempty" mapstructure:"system_access,omitempty"`
	*KerberosPolicy   `ini:"Kerberos Policy,omitempty" mapstructure:"kerberos_settings,omitempty"`
	*EventAudit       `ini:"Event Audit,omitempty" mapstructure:"event_audit_policy,omitempty"`
	*SystemLog        `ini:"System Log,omitempty" mapstructure:"system_log,omitempty"`
	*AuditLog         `ini:"Security Log,omitempty" mapstructure:"audit_log,omitempty"`
	*ApplicationLog   `ini:"Application Log,omitempty" mapstructure:"application_log,omitempty"`
	*RestrictedGroups `ini:"Group Membership,omitempty" mapstructure:"restricted_groups,omitempty"`
	*RegistryKeys     `ini:"Registry Keys,omitempty" mapstructure:"registry_keys,omitempty"`
	*RegistryValues   `ini:"Registry Values,omitempty" mapstructure:"registry_values,omitempty"`
	*SystemServices   `ini:"Service General Setting,omitempty" mapstructure:"system_services,omitempty"`
	*FileSystem       `ini:"File Security,omitempty" mapstructure:"filesystem,omitempty"`
}

SecuritySettings is a data structure representing the contents of the security settings INF file. It has tags used to map both the contents of the INF file as well as the resource data.

func NewSecuritySettings

func NewSecuritySettings() *SecuritySettings

NewSecuritySettings returns a SecuritySettings struct with the header already populated. See https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpsb/fa15485d-ae9f-456e-a08f-81f2e5725a7e

func ParseIniFile

func ParseIniFile(iniBytes []byte, utf16Decode bool) (*SecuritySettings, error)

ParseIniFile decodes the INF file and returns a SecuritySettings struct populated with the data found in it. If utf16Decode is true, it translates the contents from UTF-16 first.
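The encoding that UTFEncodeIniFile and the utf16Decode flag of ParseIniFile refer to, shown as a standard-library round trip. This is an added example, not the package's own code: encodeUTF16LE, decodeUTF16LE, sectionNames and the sampleInf text are names and data constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf16"
)

// sampleInf is a security-settings INF constructed for this example.
const sampleInf = "[Unicode]\r\nUnicode=yes\r\n[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n" +
	"[System Access]\r\nMinimumPasswordLength = 14\r\n[Group Membership]\r\n*S-1-5-32-544__Members =\r\n"

// encodeUTF16LE returns s as UTF-16LE bytes preceded by the FF FE byte order mark.
func encodeUTF16LE(s string) []byte {
	out := []byte{0xFF, 0xFE}
	for _, u := range utf16.Encode([]rune(s)) {
		out = append(out, byte(u), byte(u>>8))
	}
	return out
}

// decodeUTF16LE rejects input that lacks the BOM or ends on half a code unit.
func decodeUTF16LE(b []byte) (string, error) {
	if len(b) < 2 || b[0] != 0xFF || b[1] != 0xFE {
		return "", fmt.Errorf("missing UTF-16LE byte order mark")
	}
	if len(b)%2 != 0 {
		return "", fmt.Errorf("truncated input: %d bytes", len(b))
	}
	units := make([]uint16, 0, len(b)/2)
	for i := 2; i < len(b); i += 2 {
		units = append(units, uint16(b[i])|uint16(b[i+1])<<8)
	}
	return string(utf16.Decode(units)), nil
}

// sectionNames lists the [section] headers found in decoded INF text.
func sectionNames(text string) (names []string) {
	for _, line := range strings.Split(text, "\n") {
		if line = strings.TrimSpace(line); len(line) > 2 && line[0] == '[' && line[len(line)-1] == ']' {
			names = append(names, line[1:len(line)-1])
		}
	}
	return names
}

func main() {
	text, err := decodeUTF16LE(encodeUTF16LE(sampleInf))
	fmt.Println(err, sectionNames(text))
}
```

Passing the raw UTF-16 bytes to an INI parser without decoding yields NUL-interleaved text and no recognizable section headers, which is the case the decode step guards against.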

func (*SecuritySettings) GetSectionData

func (s *SecuritySettings) GetSectionData(section string, d *schema.ResourceData) error

GetSectionData returns one of SecuritySettings' nested structures based on the key provided

func (*SecuritySettings) PopulateSecuritySettings

func (s *SecuritySettings) PopulateSecuritySettings(d *schema.ResourceData, iniFile *ini.File) error

PopulateSecuritySettings populates the SecuritySettings struct from resource data

type SystemAccess

type SystemAccess struct {
	*PasswordPolicies `ini:"System Access,omitempty,squash"`
	*AccountLockout   `ini:"System Access,omitempty,squash"`
}

SystemAccess is a header in the INF file that holds information for the PasswordPolicies and AccountLockout sections

type SystemLog

type SystemLog struct {
	EventLogPolicy `ini:"System Log,omitempty,squash"`
}

SystemLog represents the system log section of the Security Settings GPO extension

func (*SystemLog) SetResourceData

func (p *SystemLog) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the SystemLog field values

type SystemServices

type SystemServices struct {
	Services []string
}

SystemServices represents the System Services section of the Security Settings GPO extension

func (*SystemServices) SetIniData

func (r *SystemServices) SetIniData(f *ini.File) error

SetIniData populates the INI file with data.

func (*SystemServices) SetResourceData

func (r *SystemServices) SetResourceData(section string, d *schema.ResourceData) error

SetResourceData populates resource data based on the SystemServices field values

type Unicode

type Unicode struct {
	Unicode string
}

Unicode is a required section

type Version

type Version struct {
	Signature string `ini:"signature"`
	Revision  int
}

Version is a required section
