Class: SecurityPolicy

Inherits:
Object
Defined in:
lib/resources/security_policy.rb

Overview

Authors: Christoph Hartmann, Dominik Richter

Security Configuration and Analysis

Export local security policy: secedit /export /cfg secpol.cfg

In Windows, some security options are managed differently than the local GPO. All local GPO parameters can be examined via the Registry, but not all security parameters can. Therefore we need a combination of Registry and secedit output.

Instance Method Summary

Constructor Details

#initialize ⇒ SecurityPolicy

Returns a new instance of SecurityPolicy.



# File 'lib/resources/security_policy.rb', line 24

def initialize
  @loaded = false
  @policy = nil
  @exit_status = nil
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method) ⇒ Object



# File 'lib/resources/security_policy.rb', line 51

def method_missing(method)
  # load data if needed
  load if @loaded == false

  # the export failed (load returned nil), so no value is available
  return nil if @policy.nil?

  # find line with key
  key = Regexp.escape(method.to_s)
  target = ''
  @policy.each_line {|s|
    target = s.strip if s =~ /^\s*#{key}\s*=\s*(.*)\b/
  }

  # extract variable value
  result = target.match(/[=]{1}\s*(?<value>.*)/)

  if !result.nil?
    val = result[:value]
    val = val.to_i if val =~ /^\d+$/
  else
    # TODO: we may need to return skip or failure if the
    # requested value is not available
    val = nil
  end

  val
end
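The lookup above returns nil when a key is absent from the export, which a compliance check has to treat as a failure rather than a pass. The following is an added example, not InSpec's own code: it parses a constructed secedit export once into a hash and evaluates a baseline against it. The names parse_secpol, failed_settings and BASELINE, the sample values and the thresholds are assumptions made for illustration.

```ruby
# Constructed sample of `secedit /export` output (INF format); values are illustrative.
SAMPLE_SECPOL = <<~CFG
  [Unicode]
  Unicode=yes
  [System Access]
  MinimumPasswordAge = 1
  MaximumPasswordAge = 42
  PasswordComplexity = 0
  NewAdministratorName = "Administrator"
  [Privilege Rights]
  SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
CFG

# Hypothetical helper: parse the export once into { key => value }.
# As in the method_missing lookup, purely numeric values become Integers and
# everything else stays a String (quotes included). Section headers are
# ignored, so a key is found regardless of the section it sits in.
def parse_secpol(text)
  policy = {}
  text.each_line do |line|
    line = line.strip
    next if line.empty? || line.start_with?('[', ';')
    key, value = line.split('=', 2)
    next if value.nil?
    value = value.strip
    policy[key.strip] = value.match?(/\A\d+\z/) ? value.to_i : value
  end
  policy
end

# Hypothetical baseline: setting => predicate the exported value must satisfy.
BASELINE = {
  'MinimumPasswordAge' => ->(v) { v.is_a?(Integer) && v >= 1 },
  'PasswordComplexity' => ->(v) { v == 1 },
  'LockoutBadCount'    => ->(v) { v.is_a?(Integer) && v.between?(1, 10) },
}.freeze

# Returns the settings that fail the baseline. A key missing from the export
# looks up as nil and is reported as a failure, never silently passed.
def failed_settings(policy, baseline = BASELINE)
  baseline.reject { |key, check| check.call(policy[key]) }.keys
end

puts failed_settings(parse_secpol(SAMPLE_SECPOL)).inspect
```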

Instance Method Details

#load ⇒ Object

load security content



# File 'lib/resources/security_policy.rb', line 31

def load
  # export the security policy
  cmd = inspec.command('secedit /export /cfg win_secpol.cfg')
  return nil if cmd.exit_status.to_i != 0

  # store file content
  cmd = inspec.command('Get-Content win_secpol.cfg')
  @exit_status = cmd.exit_status.to_i
  return nil if @exit_status != 0
  @policy = cmd.stdout
  @loaded = true

  # returns self
  self

ensure
  # delete temp file
  inspec.command('Remove-Item win_secpol.cfg').exit_status.to_i
end

#to_s ⇒ Object



# File 'lib/resources/security_policy.rb', line 79

def to_s
  'Security Policy'
end