
<html>

  <head>


    <meta http-equiv="content-type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p>Dans le cadre d'un pré-audit ISO27k, j'ai fais en qq minutes

      (WAPT Power !!) un "ptipackagealacon" qui audit les péripheriques

      USB de type storage qui ont été branché sur les postes Windows.</p>

    <p>Je vous partage ici ce package:<br>

    </p>

    <p>Dans le control, on set l'audit_schedule à la valeur désirée (ici

      12h)<br>

    </p>

    <p>Le setup.py:</p>

    <pre><code><span class="python1-comment"># -*- coding: utf-8 -*-

</span><span class="python1-reservedword">from</span><span class="python1-space"> </span><span class="python1-identifier">setuphelpers</span><span class="python1-space"> </span><span class="python1-reservedword">import</span><span class="python1-space"> </span><span class="python1-symbol">*

</span><span class="python1-reservedword">def</span><span class="python1-space"> </span><span class="python1-functionname">install</span><span class="python1-symbol">():

</span><span class="python1-space">    </span><span class="python1-reservedword">pass


def</span><span class="python1-space"> </span><span class="python1-functionname">audit</span><span class="python1-symbol">():

</span><span class="python1-space">    </span><span class="python1-reservedword">try</span><span class="python1-symbol">:

</span><span class="python1-space">        </span><span class="python1-identifier">usb</span><span class="python1-space"> </span><span class="python1-symbol">=</span><span class="python1-space"> </span><span class="python1-identifier">run_powershell</span><span class="python1-symbol">(</span><span class="python1-string">r'Get-ItemProperty -Path <a class="moz-txt-link-freetext" href="HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*">HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR\*\*</a> | Select FriendlyName,PSChildName'</span><span class="python1-symbol">)

</span><span class="python1-space">        </span><span class="python1-nonreservedkeyword">print</span><span class="python1-symbol">(</span><span class="python1-string">'%s'</span><span class="python1-space"> </span><span class="python1-symbol">%</span><span class="python1-space"> </span><span class="python1-identifier">usb</span><span class="python1-symbol">)

</span><span class="python1-space">    </span><span class="python1-reservedword">except</span><span class="python1-symbol">:

</span><span class="python1-space">        </span><span class="python1-nonreservedkeyword">print</span><span class="python1-symbol">(</span><span class="python1-string">'No USB Storage Found'</span><span class="python1-symbol">)

</span><span class="python1-space">    </span><span class="python1-reservedword">return</span><span class="python1-space"> </span><span class="python1-string">"OK"


</span><span class="python1-reservedword">if</span><span class="python1-space"> </span><span class="python1-nonreservedkeyword">__name__</span><span class="python1-space"> </span><span class="python1-symbol">==</span><span class="python1-space"> </span><span class="python1-string">'__main__'</span><span class="python1-symbol">:

</span><span class="python1-space">    </span><span class="python1-identifier">audit</span><span class="python1-symbol">()


</span><span class="python1-reservedword">def</span><span class="python1-space"> </span><span class="python1-functionname">update_package</span><span class="python1-symbol">():

</span><span class="python1-space">    </span><span class="python1-reservedword">pass


</span></code>

<code><span class="python1-reservedword">

</span></code></pre>

    <p><code><span class="python1-reservedword">Le rapport qui va bien:</span></code></p>

    <p><code><span class="python1-reservedword"></span></code></p>

    <p><code><span class="python1-reservedword">select

          hosts.computer_name, hosts.serialnr,

          hosts.last_logged_on_user,</span></code></p>

    <p><code><span class="python1-reservedword">hostpackagesstatus.last_audit_status,

          hostpackagesstatus.last_audit_on,

          hostpackagesstatus.last_audit_output</span></code></p>

    <p><code><span class="python1-reservedword">from hosts</span></code></p>

    <p><code><span class="python1-reservedword">LEFT JOIN

          hostpackagesstatus on hostpackagesstatus.host_id = hosts.uuid

          and hostpackagesstatus.package = 'ywh-audit-usbstorage'</span></code></p>

    <p><code><span class="python1-reservedword">where hosts.platform =

          'Windows' <br>

        </span></code></p>

    <p><code><span class="python1-reservedword"><br>

        </span></code></p>

    <p><code><span class="python1-reservedword"></span></code></p>

    <p><code><span class="python1-reservedword"></span></code><code><span

          class="python1-reservedword">Ce qui nous sort des infos du

          genre:</span></code></p>

    <p><code><span class="python1-reservedword"><br>

        </span></code></p>

    <p><code><span class="python1-reservedword">Auditing

          ywh-audit-usbstorage</span></code></p>

    <p><code><span class="python1-reservedword">{'FriendlyName':

          'Kingston DataTraveler 3.0 USB Device', 'PSChildName':

          'E0D55EA5XXXXXXXXXXXX71&0'}</span></code></p>

    <pre><code><span class="python1-reservedword"></span></code></pre>

    <code><span class="python1-reservedword"><br>

        Le PSChildName étant le serial du peripherique USB ;)<br>

        <br>

        Bon weekend !<br>

        <br>

      </span></code>

  
<br>

<br></body>

</html>