shadowbrokers-exploits/windows/Resources/Ops/PyScripts/lib/ops/cmd/audit.py


import ops
import ops.cmd
import ops.env
import ops.cmd.safetychecks
OpsCommandException = ops.cmd.OpsCommandException
VALID_OPTIONS = ['status', 'on', 'off', 'disable', 'force']

class AuditCommand(ops.cmd.DszCommand, ):
    optgroups = {'main': ['status', 'on', 'off', 'disable']}
    reqgroups = ['main']
    reqopts = []
    defopts = {}

    def __init__(self, plugin='audit', **optdict):
        ops.cmd.DszCommand.__init__(self, plugin, **optdict)

    def validateInput(self):
        for opt in self.optdict:
            if (opt not in VALID_OPTIONS):
                return False
        optcounts = {}
        for req in self.reqgroups:
            optcounts[req] = 0
            for opt in self.optgroups[req]:
                if (opt in self.optdict):
                    optcounts[req] += 1
        if (optcounts['main'] != 1):
            return False
        return True

    def __getDisable(self):
        if ('disable' in self.optdict):
            return self.optdict['disable']
        else:
            return None

    def __setDisable(self, val):
        if ((val is None) and ('disable' in self.optdict)):
            del self.optdict['disable']
        elif (val in ['all', 'security']):
            self.optdict['disable'] = val
        else:
            raise OpsCommandException(('Invalid value for -disable: %s' % val))
    disable = property(__getDisable, __setDisable)

    def __getForce(self):
        return (('force' in self.optdict) and self.optdict['force'])

    def __setForce(self, val):
        if (((val is None) or (val is False)) and ('force' in self.optdict)):
            del self.optdict['force']
        elif val:
            self.optdict['force'] = True
    force = property(__getForce, __setForce)

    def __getStatus(self):
        return (('status' in self.optdict) and self.optdict['status'])

    def __setStatus(self, val):
        if (((val is None) or (val is False)) and ('status' in self.optdict)):
            del self.optdict['status']
        elif val:
            self.optdict['status'] = True
    audit_status = property(__getStatus, __setStatus)

    def __getOn(self):
        return (('on' in self.optdict) and self.optdict['on'])

    def __setOn(self, val):
        if (((val is None) or (val is False)) and ('on' in self.optdict)):
            del self.optdict['on']
        elif val:
            self.optdict['on'] = True
            self.optdict['off'] = False
    audit_on = property(__getOn, __setOn)

    def __getOff(self):
        return (('off' in self.optdict) and self.optdict['off'])

    def __setOff(self, val):
        if (((val is None) or (val is False)) and ('off' in self.optdict)):
            del self.optdict['off']
        elif val:
            self.optdict['off'] = True
            self.optdict['on'] = False
    audit_off = property(__getOff, __setOff)

def mySafetyCheck(self):
    good = True
    msgparts = []
    if ((ops.env.get('OPS_NOINJECT').upper() == 'TRUE') and (self.disable is not None)):
        good = False
        msgparts.append('OPS_NOINJECT is set to TRUE, you should probably not disable auditing')
    if (self.force or self.audit_off or self.audit_on):
        good = False
        msgparts.append('Altering audit policy in a script is not safe, verify you really want to do that')
    msg = ''
    if (len(msgparts) > 0):
        msg = msgparts[0]
        for msgpart in msgparts[1:]:
            msg += ('\n\t' + msgpart)
    return (good, msg)
ops.cmd.command_classes['audit'] = AuditCommand
ops.cmd.aliasoptions['audit'] = VALID_OPTIONS
ops.cmd.safetychecks.addSafetyHandler('audit', 'ops.cmd.audit.mySafetyCheck')
Inital commit of Shadowbrokers 'Lost in Translation' release 2017-04-14 09:45:07 +00:00
			`import ops`
			`import ops.cmd`
			`import ops.env`
			`import ops.cmd.safetychecks`
			`OpsCommandException = ops.cmd.OpsCommandException`
			`VALID_OPTIONS = ['status', 'on', 'off', 'disable', 'force']`

			`class AuditCommand(ops.cmd.DszCommand, ):`
			`optgroups = {'main': ['status', 'on', 'off', 'disable']}`
			`reqgroups = ['main']`
			`reqopts = []`
			`defopts = {}`

			`def __init__(self, plugin='audit', **optdict):`
			`ops.cmd.DszCommand.__init__(self, plugin, **optdict)`

			`def validateInput(self):`
			`for opt in self.optdict:`
			`if (opt not in VALID_OPTIONS):`
			`return False`
			`optcounts = {}`
			`for req in self.reqgroups:`
			`optcounts[req] = 0`
			`for opt in self.optgroups[req]:`
			`if (opt in self.optdict):`
			`optcounts[req] += 1`
			`if (optcounts['main'] != 1):`
			`return False`
			`return True`

			`def __getDisable(self):`
			`if ('disable' in self.optdict):`
			`return self.optdict['disable']`
			`else:`
			`return None`

			`def __setDisable(self, val):`
			`if ((val is None) and ('disable' in self.optdict)):`
			`del self.optdict['disable']`
			`elif (val in ['all', 'security']):`
			`self.optdict['disable'] = val`
			`else:`
			`raise OpsCommandException(('Invalid value for -disable: %s' % val))`
			`disable = property(__getDisable, __setDisable)`

			`def __getForce(self):`
			`return (('force' in self.optdict) and self.optdict['force'])`

			`def __setForce(self, val):`
			`if (((val is None) or (val is False)) and ('force' in self.optdict)):`
			`del self.optdict['force']`
			`elif val:`
			`self.optdict['force'] = True`
			`force = property(__getForce, __setForce)`

			`def __getStatus(self):`
			`return (('status' in self.optdict) and self.optdict['status'])`

			`def __setStatus(self, val):`
			`if (((val is None) or (val is False)) and ('status' in self.optdict)):`
			`del self.optdict['status']`
			`elif val:`
			`self.optdict['status'] = True`
			`audit_status = property(__getStatus, __setStatus)`

			`def __getOn(self):`
			`return (('on' in self.optdict) and self.optdict['on'])`

			`def __setOn(self, val):`
			`if (((val is None) or (val is False)) and ('on' in self.optdict)):`
			`del self.optdict['on']`
			`elif val:`
			`self.optdict['on'] = True`
			`self.optdict['off'] = False`
			`audit_on = property(__getOn, __setOn)`

			`def __getOff(self):`
			`return (('off' in self.optdict) and self.optdict['off'])`

			`def __setOff(self, val):`
			`if (((val is None) or (val is False)) and ('off' in self.optdict)):`
			`del self.optdict['off']`
			`elif val:`
			`self.optdict['off'] = True`
			`self.optdict['on'] = False`
			`audit_off = property(__getOff, __setOff)`

			`def mySafetyCheck(self):`
			`good = True`
			`msgparts = []`
			`if ((ops.env.get('OPS_NOINJECT').upper() == 'TRUE') and (self.disable is not None)):`
			`good = False`
			`msgparts.append('OPS_NOINJECT is set to TRUE, you should probably not disable auditing')`
			`if (self.force or self.audit_off or self.audit_on):`
			`good = False`
			`msgparts.append('Altering audit policy in a script is not safe, verify you really want to do that')`
			`msg = ''`
			`if (len(msgparts) > 0):`
			`msg = msgparts[0]`
			`for msgpart in msgparts[1:]:`
			`msg += ('\n\t' + msgpart)`
			`return (good, msg)`
			`ops.cmd.command_classes['audit'] = AuditCommand`
			`ops.cmd.aliasoptions['audit'] = VALID_OPTIONS`
			`ops.cmd.safetychecks.addSafetyHandler('audit', 'ops.cmd.audit.mySafetyCheck')`