From d1239bfa9e34b86ddc8988e9835b5a4903fc9096 Mon Sep 17 00:00:00 2001
From: "ildarnn22@gmail.com"
Date: Tue, 24 Oct 2023 11:21:39 +0200
Subject: [PATCH] Implemented a new way of checking the bunch of STIGs of AuditPolicy group
---
ExternalFiles/check.txt | 1 +
ExternalFiles/exec.txt | 1 +
pom.xml | 95 +------------------
.../win10_new/AuditPolicy/AuditPolMain.java | 64 +++++++++++++
.../AuditPolicy/stigs/StigClassGenerator.java | 72 ++++++++++++++
.../AuditPolicy/stigs/StigFileParser.java | 28 ++++++
.../AuditPolicy/stigs/StigTemplate.java | 28 ++++++
.../win10_new/AuditPolicy/stigs/V_63447.java | 2 +-
.../win10_new/AuditPolicy/stigs/V_63449.java | 2 +-
.../win10_new/AuditPolicy/stigs/V_63463.java | 2 +-
.../win10_new/AuditPolicy/stigs/V_63467.java | 2 +-
.../AuditPolicy/stigs/stig_input.txt | 34 +++++++
.../win10_new/UI/ParameterEntryForm.java | 33 -------
src/main/resources/tasks.properties | 78 +++++++++++++++
14 files changed, 315 insertions(+), 127 deletions(-)
create mode 100644 ExternalFiles/check.txt
create mode 100644 ExternalFiles/exec.txt
create mode 100644 src/main/java/rqcode/stigs/win10_new/AuditPolicy/AuditPolMain.java
create mode 100644 src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigClassGenerator.java
create mode 100644 src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigFileParser.java
create mode 100644 src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigTemplate.java
create mode 100644 src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/stig_input.txt
delete mode 100644 src/main/java/rqcode/stigs/win10_new/UI/ParameterEntryForm.java
create mode 100644 src/main/resources/tasks.properties
diff --git a/ExternalFiles/check.txt b/ExternalFiles/check.txt
new file mode 100644
index 0000000..6664450
--- /dev/null
+++ b/ExternalFiles/check.txt
@@ -0,0 +1 @@
+auditpol /get /subcategory:"%guid%"
\ No newline at end of file
diff --git a/ExternalFiles/exec.txt b/ExternalFiles/exec.txt
new file mode 100644
index 0000000..f1c0ced
--- /dev/null +++ b/ExternalFiles/exec.txt @@ -0,0 +1 @@ +auditpol /set /subcategory:"%task%" /%parameter%:%value% diff --git a/pom.xml b/pom.xml index 88af3b2..495a369 100644 --- a/pom.xml +++ b/pom.xml @@ -58,104 +58,19 @@ - true - lib/ - rqcode/stigs/win10_new/Windows10SecurityTechnicalImplementationGuide + + + rqcode.stigs.win10_new.AuditPolicy.AuditPolMain - - maven-clean-plugin - 3.1.0 - - - - maven-resources-plugin - 3.0.2 - - - maven-compiler-plugin - 3.8.0 - - - maven-surefire-plugin - 2.22.1 - - - maven-jar-plugin - 3.0.2 - - - maven-install-plugin - 2.5.2 - - - maven-deploy-plugin - 2.8.2 - - - - maven-site-plugin - 3.7.1 - - - maven-project-info-reports-plugin - 3.0.0 - - - - - maven-javadoc-plugin - 3.4.1 - - - attach-javadocs - - jar - - - - - - nl.talsmasoftware.umldoclet.UMLDoclet - - nl.talsmasoftware - umldoclet - 2.1.0 - - - - - - + + - - - - - maven-javadoc-plugin - 3.4.1 - - - nl.talsmasoftware.umldoclet.UMLDoclet - - nl.talsmasoftware - umldoclet - 2.1.0 - - - - - - - - \ No newline at end of file diff --git a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/AuditPolMain.java b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/AuditPolMain.java new file mode 100644 index 0000000..a76de69 --- /dev/null +++ b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/AuditPolMain.java 
@@ -0,0 +1,64 @@
+
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.Properties;
+
+/*
+ We are preparing three files:
+ * exec.txt: This is a simple template of a PowerShell script for setting values.
+ * check.txt: This is a template of a PowerShell script for obtaining values.
+ * tasks.properties: This file is used for mapping task numbers (e.g., V-63447) to their corresponding GUID (e.g., {0000-0000-000-0001}). Additionally, we store additional fields for the parameter and value of each task in this file.
+
+ How it works:
+ * The task name is provided as a command-line argument when running the JAR file. For example, when running the JAR, you simply specify the task name (java -jar jarname.jar V-63447).
+ *
+ * Next, we read the tasks.properties file and check if the desired task exists. If it doesn't exist, we throw an exception.
+ * The next step is to read the check.txt file, as it's a template that needs to be filled with real values. We have already obtained the real values from tasks.properties.
+ * After substituting these values, we have a command ready to be executed.
+ */
+
+
+public class AuditPolMain {
+
+ public static void main(String[] args) throws IOException {
+ String taskName = args[0];
+
+ try (InputStream input = AuditPolMain.class.getClassLoader().getResourceAsStream("tasks.properties")) {
+
+ Properties properties = new Properties();
+
+ if (input == null) {
+ throw new IllegalArgumentException("file tasks.properties is not found");
+ }
+
+ //load a properties file from class path, inside static method
+ properties.load(input);
+
+ String guid = (String) properties.get(taskName);
+ String parameter = (String)properties.get(taskName + ".param");
+ String value = (String)properties.get(taskName + ".value");
+ if(guid == null || parameter == null || value == null)
+ throw new IllegalArgumentException(String.format("Task number %s not found!", taskName));
+
+
+ byte[] bytes = Files.readAllBytes(Paths.get("ExternalFiles" + File.separator + "check.txt"));
+ String exec = new String(bytes);
+ exec = exec.replaceAll("%task%", guid);
+ exec = exec.replaceAll("%guid%", guid);
+ exec = exec.replaceAll("%parameter%", parameter);
+ exec = exec.replaceAll("%value%", value);
+ System.out.println(exec);
+ //Process execResult = Runtime.getRuntime().exec(exec);
+
+ } catch (IOException ex) {
+ ex.printStackTrace();
+ }
+
+ }
+
+}
+
diff --git a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigClassGenerator.java b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigClassGenerator.java
new file mode 100644
index 0000000..986665e
--- /dev/null
+++ b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigClassGenerator.java
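Review bot: In `main`, the command is built from a template read through the working-directory-relative path `ExternalFiles/check.txt` and filled with `replaceAll`, so the directory the JAR is started from decides which command the commented-out `Runtime.getRuntime().exec(exec)` would run once it is enabled, and `replaceAll` treats `$` and `\` in the substituted values as replacement syntax. The fence below checks the argument count, validates the three looked-up values against fixed formats and substitutes them literally with `String.replace`; it needs `java.nio.charset.StandardCharsets` imported. When execution is switched on, resolving the template against a fixed install location and running it through `ProcessBuilder` with an argument list would be safer than `exec(String)`. The file also has no `package` line, although pom.xml appears to name `rqcode.stigs.win10_new.AuditPolicy.AuditPolMain` as the main class.

```java
if (args.length != 1) {
    throw new IllegalArgumentException("usage: AuditPolMain <task id, e.g. V-63447>");
}
String taskName = args[0];
// … unchanged: load tasks.properties, look up guid / parameter / value, null check …
if (!guid.matches("\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\\}")
        || !parameter.matches("(?i)success|failure")
        || !value.matches("(?i)enable|disable")) {
    throw new IllegalArgumentException(
            String.format("Task %s has a malformed entry in tasks.properties", taskName));
}
// … unchanged: read ExternalFiles/check.txt into bytes …
String template = new String(bytes, StandardCharsets.UTF_8);
// String.replace is literal: no regex pattern, no $ or \ handling in the values.
String command = template
        .replace("%task%", guid)
        .replace("%guid%", guid)
        .replace("%parameter%", parameter)
        .replace("%value%", value);
System.out.println(command);
```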
@@ -0,0 +1,72 @@
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class StigClassGenerator {
+ public static void main(String[] args) {
+ String fileName = "src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/stig_input.txt";
+ String outputDirectory = "rqcode/stigs/win10_new/AuditPolicy/stigs/outputs";
+ List stigInfoList = new ArrayList<>();
+
+ try (BufferedReader br = new BufferedReader(new FileReader(fileName))) {
+ String line;
+ while ((line = br.readLine()) != null) {
+ String[] parts = line.split("\\s"); // Split by spaces
+ if (parts.length == 3) {
+ String stig = parts[0];
+ String checkValue = parts[1];
+ String guid = parts[2];
+ stigInfoList.add(new StigInfo(stig, checkValue, guid));
+ } else {
+ System.err.println("Invalid line: " + line);
+ }
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ // Generate StigTemplate classes based on stigInfoList
+ for (StigInfo stigInfo : stigInfoList) {
+ String className = "V_" + stigInfo.getStig();
+ String filePath = outputDirectory + "/" + className + ".java";
+
+ try (FileWriter writer = new FileWriter(new File(filePath))) {
+ writer.write("public class " + className + " extends StigTemplate {\n");
+ writer.write("\tpublic " + className + "() {\n");
+ writer.write("\t\tsuper(\"" + stigInfo.getGuid() + "\", \"" + stigInfo.getCheckValue() + "\");\n");
+ writer.write("\t}\n");
+ writer.write("}\n");
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+ }
+
+ static class StigInfo {
+ private String stig;
+ private String checkValue;
+ private String guid;
+
+ public StigInfo(String stig, String checkValue, String guid) {
+ this.stig = stig;
+ this.checkValue = checkValue;
+ this.guid = guid;
+ }
+
+ public String getStig() {
+ return stig;
+ }
+
+ public String getCheckValue() {
+ return checkValue;
+ }
+
+ public String getGuid() {
+ return guid;
+ }
+ }
+}
diff --git a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigFileParser.java b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigFileParser.java
new file mode 100644
index 0000000..de02424
--- /dev/null
+++ b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigFileParser.java
@@ -0,0 +1,28 @@
+import java.io.BufferedReader;
+import java.io.FileReader;
+import java.io.IOException;
+
+public class StigFileParser {
+ public static void main(String[] args) {
+ String fileName = "stig_input.txt"; // Change this to your file's path if needed
+ try (BufferedReader br = new BufferedReader(new FileReader(fileName))) { // Added closing parenthesis
+ String line;
+ while ((line = br.readLine()) != null) {
+ String[] parts = line.split("\\s"); // Split by spaces
+ if (parts.length == 3) {
+ String stig = parts[0];
+ String parameter = parts[1];
+ String guid = parts[2];
+ System.out.println("STIG: " + stig);
+ System.out.println("Parameter: " + parameter);
+ System.out.println("GUID: " + guid);
+ System.out.println(); // Separate records
+ } else {
+ System.err.println("Invalid line: " + line);
+ }
+ }
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigTemplate.java b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigTemplate.java
new file mode 100644
index 0000000..69dd95a
--- /dev/null
+++ b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/StigTemplate.java
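Review bot: The class name built in the generation loop of StigClassGenerator is not a valid Java identifier: stig_input.txt carries ids such as `V-63435`, so `"V_" + stigInfo.getStig()` yields `V_V-63435`, and the emitted `public class V_V-63435 extends StigTemplate` will not compile. `String className = stigInfo.getStig().replace('-', '_');` gives `V_63435`, which matches the existing `V_63447` classes. The generated source also carries no `package rqcode.stigs.win10_new.AuditPolicy.stigs;` line although StigTemplate is declared in that package, and `outputDirectory` is never created, so unless it already exists every `FileWriter` open fails and only prints a stack trace. The tokens are written into string literals unescaped, and `split("\\s")` rejects any line with a double space or a tab followed by a space (StigFileParser uses the same split); `line.trim().split("\\s+")` plus a format check on each token before it is written would cover both.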
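Review bot: In StigFileParser, `fileName = "stig_input.txt"` resolves against the working directory, whereas StigClassGenerator reads the same file through `src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/stig_input.txt`, so the two tools can only both find it when started from different directories; taking the path from `args[0]` or sharing one constant would remove the mismatch. The class has no `package` declaration despite its location under `rqcode/stigs/win10_new/AuditPolicy/stigs`, and the trailing comment `// Added closing parenthesis` describes an edit rather than the code and can be dropped. A class comment such as `/** Debug helper: prints each "STIG checkValue GUID" record of stig_input.txt. */` would tell readers this is not part of the check path, and the local `parameter` could be renamed `checkValue` to match the rest of the commit.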
@@ -0,0 +1,28 @@ +package rqcode.stigs.win10_new.AuditPolicy.stigs; + +import rqcode.stigs.win10_new.AuditPolicy.AuditPolicyConst; +import rqcode.stigs.win10_new.AuditPolicy.AuditPolicyPattern; +import rqcode.stigs.win10_new.AuditPolicy.AuditPolicyScriptPattern; +import rqcode.stigs.win10_new.patterns.STIGScriptPattern; + +import java.util.Map; + +public class StigTemplate extends AuditPolicyPattern { + private final STIGScriptPattern policyScriptPattern; + + public StigTemplate(String guid, String checkValue) { + policyScriptPattern = new AuditPolicyScriptPattern( + AuditPolicyConst.AUDIT_POLICY_SCRIPT_PATTERN_CHECK, AuditPolicyConst.AUDIT_POLICY_SCRIPT_PATTERN_ENFORCE, + Map.of( + "guid", guid, + "checkValue", checkValue + ), + Map.of( + "guid", guid, + "checkValue", checkValue, + "value", "enable" + ) + ); + pattern = this.policyScriptPattern; + } +} diff --git a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63447.java b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63447.java index 59ee0a6..9a6f468 100644 --- a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63447.java +++ b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63447.java @@ -19,7 +19,7 @@ public class V_63447 extends AuditPolicyPattern { ), Map.of( "guid", "{0CCE9235-69AE-11D9-BED3-505054503030}", - "parameter", "failure", + "checkValue", "failure", "value", "enable")); public V_63447() { diff --git a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63449.java b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63449.java index 14ceb9e..eb7cded 100644 --- a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63449.java +++ b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63449.java @@ -19,7 +19,7 @@ public class V_63449 extends AuditPolicyPattern { ), Map.of( "guid", "{0CCE9235-69AE-11D9-BED3-505054503030}", - "parameter", "success", + "checkValue", "success", "value", "enable")); public V_63449() { 
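Review bot: The StigTemplate constructor forwards `guid` and `checkValue` into both placeholder maps without any validation, and these values presumably end up inside the auditpol check and enforce scripts (AuditPolicyScriptPattern is not shown in this commit). As every generated `V_*` class would pass through this constructor, it is the natural place to reject malformed input, for example `if (!guid.matches("\\{[0-9A-Fa-f-]{36}\\}")) throw new IllegalArgumentException("bad subcategory GUID: " + guid);` and a matching check that `checkValue` is `success` or `failure` ignoring case. The `policyScriptPattern` field only mirrors `pattern` and could be a local variable. The enforce map pins `"value", "enable"` while tasks.properties stores a value per task; a short Javadoc stating which placeholders each map fills would make that choice explicit.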
diff --git a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63463.java b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63463.java index 0f620b2..1ddade7 100644 --- a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63463.java +++ b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63463.java @@ -19,7 +19,7 @@ public class V_63463 extends AuditPolicyPattern { ), Map.of( "guid", "{0CCE9215-69AE-11D9-BED3-505054503030}", - "parameter", "failure", + "checkValue", "failure", "value", "enable")); public V_63463() { diff --git a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63467.java b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63467.java index 0b3f0ea..67f089e 100644 --- a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63467.java +++ b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/V_63467.java @@ -19,7 +19,7 @@ public class V_63467 extends AuditPolicyPattern { ), Map.of( "guid", "{0CCE9216-69AE-11D9-BED3-505054503030}", - "parameter", "success", + "checkValue", "success", "value", "enable")); public V_63467() { diff --git a/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/stig_input.txt b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/stig_input.txt new file mode 100644 index 0000000..8dde072 --- /dev/null +++ b/src/main/java/rqcode/stigs/win10_new/AuditPolicy/stigs/stig_input.txt 
@@ -0,0 +1,34 @@
+V-63435 Success {0CCE923F-69AE-11D9-BED3-505054503030}
+V-71761 Success {0CCE9231-69AE-11D9-BED3-505054503030}
+V-63487 Success {0CCE9228-69AE-11D9-BED3-505054503030}
+V-63481 Success {0CCE9230-69AE-11D9-BED3-505054503030}
+V-63483 Failure {0CCE9228-69AE-11D9-BED3-505054503030}
+V-63467 Success {0CCE9216-69AE-11D9-BED3-505054503030}
+V-63463 Failure {0CCE9215-69AE-11D9-BED3-505054503030}
+V-63469 Success {0CCE921B-69AE-11D9-BED3-505054503030}
+V-63499 Success {0CCE9214-69AE-11D9-BED3-505054503030}
+V-63491 Failure {0CCE9213-69AE-11D9-BED3-505054503030}
+V-63495 Success {0CCE9213-69AE-11D9-BED3-505054503030}
+V-63475 Failure {0CCE922F-69AE-11D9-BED3-505054503030}
+V-63471 Failure {0CCE9245-69AE-11D9-BED3-505054503030}
+V-63473 Success {0CCE9245-69AE-11D9-BED3-505054503030}
+V-63479 Success {0CCE922F-69AE-11D9-BED3-505054503030}
+V-63441 Success {0CCE923A-69AE-11D9-BED3-505054503030}
+V-63445 Success {0CCE9237-69AE-11D9-BED3-505054503030}
+V-63447 Failure {0CCE9235-69AE-11D9-BED3-505054503030}
+V-63449 Success {0CCE9235-69AE-11D9-BED3-505054503030}
+V-63515 Failure {0CCE9212-69AE-11D9-BED3-505054503030}
+V-63513 Success {0CCE9211-69AE-11D9-BED3-505054503030}
+V-63459 Success {0CCE921C-69AE-11D9-BED3-505054503030}
+V-63457 Success {0CCE9249-69AE-11D9-BED3-505054503030}
+V-63455 Success {0CCE9217-69AE-11D9-BED3-505054503030}
+V-71759 Failure {0CCE9217-69AE-11D9-BED3-505054503030}
+V-63507 Success {0CCE9210-69AE-11D9-BED3-505054503030}
+V-63503 Failure {0CCE9214-69AE-11D9-BED3-505054503030}
+V-63453 Success {0CCE922B-69AE-11D9-BED3-505054503030}
+V-74721 Success {0CCE9224-69AE-11D9-BED3-505054503030}
+V-63431 Failure {0CCE923F-69AE-11D9-BED3-505054503030}
+V-74411 Success {0CCE9227-69AE-11D9-BED3-505054503030}
+V-74409 Failure {0CCE9227-69AE-11D9-BED3-505054503030}
+V-75027 Failure {0CCE9224-69AE-11D9-BED3-505054503030}
+V-63517 Success {0CCE9212-69AE-11D9-BED3-505054503030}
\ No newline at end of file
diff --git a/src/main/java/rqcode/stigs/win10_new/UI/ParameterEntryForm.java b/src/main/java/rqcode/stigs/win10_new/UI/ParameterEntryForm.java
deleted file mode 100644
index 99c9e6a..0000000
--- a/src/main/java/rqcode/stigs/win10_new/UI/ParameterEntryForm.java
+++ /dev/null
@@ -1,33 +0,0 @@
-import javax.swing.*;
-import java.awt.*;
-import java.awt.event.ActionEvent;
-import java.awt.event.ActionListener;
-
-public class ParameterEntryForm {
- public static void main(String[] args) {
- JFrame frame = new JFrame("Parameter Entry Form");
- JPanel panel = new JPanel();
- frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
-
- JLabel nameLabel = new JLabel("STIG number:");
- JTextField nameTextField = new JTextField(20);
- JButton submitButton = new JButton("Submit");
-
- panel.add(nameLabel);
- panel.add(nameTextField);
- panel.add(submitButton);
-
- submitButton.addActionListener(new ActionListener() {
- @Override
- public void actionPerformed(ActionEvent e) {
- String name = nameTextField.getText();
- JOptionPane.showMessageDialog(frame, "Hello, " + name);
- }
- });
-
- panel.setLayout(new FlowLayout());
- frame.add(panel);
- frame.setSize(400, 200);
- frame.setVisible(true);
- }
-}
diff --git a/src/main/resources/tasks.properties b/src/main/resources/tasks.properties
new file mode 100644
index 0000000..74debca
--- /dev/null
+++ b/src/main/resources/tasks.properties
@@ -0,0 +1,78 @@
+V-63435={0CCE923F-69AE-11D9-BED3-505054503030}
+V-63435.param=Success
+V-63435.value=enable
+V-71761={0CCE9231-69AE-11D9-BED3-505054503030}
+V-71761.param=Success
+V-71761.value=enable
+V-63487={0CCE9228-69AE-11D9-BED3-505054503030}
+V-63487.param=Success
+V-63487.value=enable
+V-63481={0CCE9230-69AE-11D9-BED3-505054503030}
+V-63481.param=Success
+V-63481.value=enable
+V-63483={0CCE9228-69AE-11D9-BED3-505054503030}
+V-63483.param=Failure
+V-63483.value=enable
+V-63467={0CCE9216-69AE-11D9-BED3-505054503030}
+V-63467.param=Success
+V-63467.value=enable
+V-63463={0CCE9215-69AE-11D9-BED3-505054503030}
+V-63463.param=Failure
+V-63463.value=enable
+V-63469={0CCE921B-69AE-11D9-BED3-505054503030}
+V-63469.param=Success
+V-63469.value=enable
+V-63499={0CCE9214-69AE-11D9-BED3-505054503030}
+V-63499.param=Success
+V-63499.value=enable
+V-63491={0CCE9213-69AE-11D9-BED3-505054503030}
+V-63491.param=Failure
+V-63491.value=enable
+V-63495={0CCE9213-69AE-11D9-BED3-505054503030}
+V-63495.param=Success
+V-63495.value=enable
+V-63475={0CCE922F-69AE-11D9-BED3-505054503030}
+V-63475.param=Failure
+V-63475.value=enable
+V-63471={0CCE9245-69AE-11D9-BED3-505054503030}
+V-63471.param=Failure
+V-63471.value=enable
+V-63473={0CCE9245-69AE-11D9-BED3-505054503030}
+V-63473.param=Success
+V-63473.value=enable
+V-63479={0CCE922F-69AE-11D9-BED3-505054503030}
+V-63479.param=Success
+V-63479.value=enable
+V-63441={0CCE923A-69AE-11D9-BED3-505054503030}
+V-63441.param=Success
+V-63441.value=enable
+V-63445={0CCE9237-69AE-11D9-BED3-505054503030}
+V-63445.param=Success
+V-63445.value=enable
+V-63447={0CCE9235-69AE-11D9-BED3-505054503030}
+V-63447.param=Failure
+V-63447.value=enable
+V-63449={0CCE9235-69AE-11D9-BED3-505054503030}
+V-63449.param=Success
+V-63449.value=enable
+V-63515={0CCE9212-69AE-11D9-BED3-505054503030}
+V-63515.param=Failure
+V-63515.value=enable
+V-63513={0CCE9211-69AE-11D9-BED3-505054503030}
+V-63513.param=Success
+V-63513.value=enable
+V-63459={0CCE921C-69AE-11D9-BED3-505054503030}
+V-63459.param=Success
+V-63459.value=enable
+V-63457={0CCE9249-69AE-11D9-BED3-505054503030}
+V-63457.param=Success
+V-63457.value=enable
+V-63455={0CCE9217-69AE-11D9-BED3-505054503030}
+V-63455.param=Success
+V-63455.value=enable
+V-71759={0CCE9217-69AE-11D9-BED3-505054503030}
+V-71759.param=Failure
+V-71759.value=enable
+V-63507={0CCE9210-69AE-11D9-BED3-505054503030}
+V-63507.param=Success
+