windowsprivcheck.py 文件源码


项目:LHF 作者: blindfuzzy 项目源码 文件源码
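def check_event_logs():
    """Audit file permissions on files referenced by the event log registry keys.

    Opens the key named by the module-level ``eventlog_key_hklm`` under
    HKEY_LOCAL_MACHINE and walks its immediate subkeys.  For each subkey two
    values are read, when present:

    * ``DisplayNameFile`` - reported as WPC008 / ``writable_eventlog_dll``.
      A DLL that other accounts load but that a low-privileged account can
      overwrite is a code-integrity problem.
    * ``File`` - reported as WPC007 / ``writable_eventlog_file``.  A log file
      that a low-privileged account can write to cannot be trusted as an
      audit record.

    Each path has its environment variables expanded and is passed to
    ``check_weak_write_perms``; any truthy result is recorded via
    ``save_issue``.  Progress goes to stdout: "." per subkey, "!" per finding.

    Returns:
        0 if the top-level key cannot be opened, otherwise None.

    NOTE(review): only values on the immediate subkeys are inspected.  Files
    registered deeper in the tree (for example per-source message DLLs) are
    not covered by this check - confirm whether another check handles them.
    NOTE(review): os.path.expandvars() uses this process's environment, which
    may differ from the environment of the process that really opens the
    file - treat the expanded path as an approximation.
    TODO: the registry keys' own DACLs and owners are not examined here.
    """
    key_string = "HKEY_LOCAL_MACHINE\\" + eventlog_key_hklm
    access = (win32con.KEY_ENUMERATE_SUB_KEYS
              | win32con.KEY_QUERY_VALUE
              | win32con.KEY_READ)
    # (registry value name, issue id, issue tag), checked in this order.
    checks = (
        ("DisplayNameFile", "WPC008", "writable_eventlog_dll"),
        ("File", "WPC007", "writable_eventlog_file"),
    )

    try:
        keyh = win32api.RegOpenKeyEx(win32con.HKEY_LOCAL_MACHINE, eventlog_key_hklm, 0, access)
    except win32api.error:
        print("Can't open: " + key_string)
        return 0

    try:
        for subkey in win32api.RegEnumKeyEx(keyh):
            sys.stdout.write(".")
            try:
                subkeyh = win32api.RegOpenKeyEx(keyh, subkey[0], 0, access)
            except win32api.error:
                # Name the subkey that failed, not the parent, so an
                # unreadable key can be followed up by the auditor.
                print("Can't open: " + key_string + "\\" + subkey[0])
                continue

            try:
                for value_name, issue_id, issue_tag in checks:
                    try:
                        filename, _value_type = win32api.RegQueryValueEx(subkeyh, value_name)
                    except win32api.error:
                        # Value not present (or unreadable) on this subkey.
                        continue
                    weak_perms = check_weak_write_perms(os.path.expandvars(filename), 'file')
                    if weak_perms:
                        sys.stdout.write("!")
                        save_issue(issue_id, issue_tag, weak_perms)
            finally:
                # Release the handle even if a permission check raises.
                win32api.RegCloseKey(subkeyh)
    finally:
        win32api.RegCloseKey(keyh)

    # Terminate the line of progress markers.
    sys.stdout.write("\n")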