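// Copyright (c) Mondoo, Inc.
// SPDX-License-Identifier: BUSL-1.1

package windows

import (
	"encoding/csv"
	"io"
	"strings"
)

// AuditpolEntry holds one CSV record of audit policy output. Example input:
//
//	Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting
//	Test,System,Security System Extension,{0CCE9211-69AE-11D9-BED3-505054503030},No Auditing,
type AuditpolEntry struct {
	MachineName      string
	PolicyTarget     string
	Subcategory      string
	SubcategoryGUID  string // stored without the surrounding braces
	InclusionSetting string
	ExclusionSetting string
}

// ParseAuditpol reads CSV audit policy records from r and returns one
// AuditpolEntry per record, in input order. Every field is whitespace-trimmed
// and the subcategory GUID is stored without its surrounding "{" and "}".
//
// Every record is converted, including a header row if the input has one;
// nothing is skipped here, so callers that need only data rows must filter.
//
// A record with fewer than six fields yields a *csv.ParseError wrapping
// csv.ErrFieldCount instead of an index-out-of-range panic, so truncated or
// unexpected command output surfaces as an error. Callers evaluating audit
// policy should treat an error as "state unknown" rather than as an empty
// policy.
//
// see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpac/77878370-0712-47cd-997d-b07053429f6d
func ParseAuditpol(r io.Reader) ([]AuditpolEntry, error) {
	// Number of leading columns read from each record (indexes 0 through 5).
	const fieldCount = 6

	// Non-nil empty slice is kept so an empty input still returns [] rather than nil.
	res := []AuditpolEntry{}

	csvReader := csv.NewReader(r)
	for {
		record, err := csvReader.Read()
		if err == io.EOF {
			break
		}
		if err != nil {
			return nil, err
		}

		// Guard the fixed indexes below: csv.Reader only enforces that all
		// records match the first record's width, not that the width is six.
		if len(record) < fieldCount {
			line, _ := csvReader.FieldPos(0)
			return nil, &csv.ParseError{
				StartLine: line,
				Line:      line,
				Column:    1,
				Err:       csv.ErrFieldCount,
			}
		}

		guid := strings.TrimSpace(record[3])
		guid = strings.TrimPrefix(guid, "{")
		guid = strings.TrimSuffix(guid, "}")

		res = append(res, AuditpolEntry{
			MachineName:      strings.TrimSpace(record[0]),
			PolicyTarget:     strings.TrimSpace(record[1]),
			Subcategory:      strings.TrimSpace(record[2]),
			SubcategoryGUID:  guid,
			InclusionSetting: strings.TrimSpace(record[4]),
			ExclusionSetting: strings.TrimSpace(record[5]),
		})
	}

	return res, nil
}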