Class: SecurityPolicy
- Inherits:
-
Object
- Object
- SecurityPolicy
- Defined in:
- lib/resources/security_policy.rb
Overview
author: Christoph Hartmann author: Dominik Richter
Security Configuration and Analysis
Export local security policy: secedit /export /cfg secpol.cfg
In Windows, some security options are managed differently that the local GPO All local GPO parameters can be examined via Registry, but not all security parameters. Therefore we need a combination of Registry and secedit output
Instance Method Summary collapse
-
#initialize ⇒ SecurityPolicy
constructor
A new instance of SecurityPolicy.
-
#load ⇒ Object
load security content.
- #method_missing(method) ⇒ Object
- #to_s ⇒ Object
Constructor Details
#initialize ⇒ SecurityPolicy
Returns a new instance of SecurityPolicy.
24 25 26 27 28 |
# File 'lib/resources/security_policy.rb', line 24 def initialize @loaded = false @policy = nil @exit_status = nil end |
Dynamic Method Handling
This class handles dynamic methods through the method_missing method
#method_missing(method) ⇒ Object
51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 |
# File 'lib/resources/security_policy.rb', line 51 def method_missing(method) # load data if needed if @loaded == false load end # find line with key key = Regexp.escape(method.to_s) target = '' @policy.each_line {|s| target = s.strip if s =~ /^\s*#{key}\s*=\s*(.*)\b/ } # extract variable value result = target.match(/[=]{1}\s*(?<value>.*)/) if !result.nil? val = result[:value] val = val.to_i if val =~ /^\d+$/ else # TODO: we may need to return skip or failure if the # requested value is not available val = nil end val end |
Instance Method Details
#load ⇒ Object
load security content
31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
# File 'lib/resources/security_policy.rb', line 31 def load # export the security policy cmd = inspec.command('secedit /export /cfg win_secpol.cfg') return nil if cmd.exit_status.to_i != 0 # store file content cmd = inspec.command('Get-Content win_secpol.cfg') @exit_status = cmd.exit_status.to_i return nil if @exit_status != 0 @policy = cmd.stdout @loaded = true # returns self self ensure # delete temp file inspec.command('Remove-Item win_secpol.cfg').exit_status.to_i end |
#to_s ⇒ Object
79 80 81 |
# File 'lib/resources/security_policy.rb', line 79 def to_s 'Security Policy' end |