A tool for parsing, running, and enforcing security audit policies.
The application is written in Python; the GUI uses PyQt.
The policy files are written in an XML-like language.
A parsed policy is stored under a name in a MongoDB database.
- make sure all files are in the current directory
- execute "python app.py"
Execution is a work in progress.
For now the following types of custom_item are executed:
- REG_CHECK
- REGISTRY_SETTING
- PASSWORD_POLICY
- FILE_CHECK
- LOCKOUT_POLICY
- USER_RIGHTS_POLICY
- AUDIT_POWERSHELL
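As an added illustration (not code from this project), the Python below parses custom_item blocks from a constructed policy and sorts them by whether their type appears in the executed and enforced lists in this README. The block layout (`<custom_item>` tags holding `key : value` lines), the field names other than `type`, and the names `parse_items` and `plan` are assumptions.

```python
import re

# custom_item types the README lists as executed, and as enforced / rolled back.
EXECUTED = {"REG_CHECK", "REGISTRY_SETTING", "PASSWORD_POLICY", "FILE_CHECK",
            "LOCKOUT_POLICY", "USER_RIGHTS_POLICY", "AUDIT_POWERSHELL"}
ENFORCED = {"REG_CHECK", "FILE_CHECK", "USER_RIGHTS_POLICY"}

# Assumed layout: <custom_item> blocks holding one `key : value` pair per line.
ITEM_RE = re.compile(r"<custom_item>(.*?)</custom_item>", re.S)
FIELD_RE = re.compile(r'^\s*(\w+)\s*:\s*(?:"([^"]*)"|(\S.*?))\s*$', re.M)

# Constructed sample policy; field names other than `type` are assumptions.
SAMPLE = r'''
<custom_item>
  type        : REG_CHECK
  description : "Constructed: policy key must exist"
  value_data  : "HKLM\SOFTWARE\Policies\Example"
</custom_item>
<custom_item>
  type        : PASSWORD_POLICY
  description : "Constructed: minimum password length"
  value_data  : 14
</custom_item>
<custom_item>
  type        : EXAMPLE_UNLISTED_TYPE
  description : "Constructed: type the tool does not run yet"
</custom_item>
'''

def parse_items(text):
    """Return one dict per custom_item; quoted values lose their quotes."""
    return [{key: quoted or bare for key, quoted, bare in FIELD_RE.findall(body)}
            for body in ITEM_RE.findall(text)]

def plan(items):
    """Sort item descriptions by what the tool can do with their type."""
    out = {"execute": [], "enforce": [], "skipped": []}
    for item in items:
        kind, name = item.get("type", ""), item.get("description", "?")
        if kind not in EXECUTED:
            out["skipped"].append(name)   # unknown type: report it, never guess
            continue
        out["execute"].append(name)
        if kind in ENFORCED:
            out["enforce"].append(name)
    return out

if __name__ == "__main__":
    for bucket, names in plan(parse_items(SAMPLE)).items():
        print(bucket, names)
```

Keeping unlisted types in a separate bucket means a rule that was never run cannot be mistaken for one that passed.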
Enforcing and rollback are a work in progress.
For now the following types of custom_item are enforced and rolled back:
- REG_CHECK
- FILE_CHECK
- USER_RIGHTS_POLICY
- Not all errors are caught (this can kill the application). Work in progress.
- Some user rights policies don't work on the virtual box I use (access denied even as Administrator). Work in progress.
Here you can see how to import a policy and review it before submitting. Once submitted, you are asked to enter a name for the policy. After submission, the policy is parsed and stored in a MongoDB database. We can also search policies and choose which rules we want to add, then save them to a new document or update an existing one.
After execution, in the output we can see:
- Green policies - The policies passed.
- Red policies - An error occurred; you can find the error in the output.
- Blue policies - Work in progress. To be done.