AppLocker Policy parser and emitter for Python
AppLocker
The applocker module allows you to easily parse and create AppLocker Policy XML files and/or strings in Python.
Installation
To install the applocker module via pip, run the command:
$ pip install applocker
Usage
Start by importing the applocker module.
>>> import applocker
The function applocker.load loads an AppLocker Policy XML file.
>>> with open('example.xml', 'r') as file:
...     applocker.load(file)
The function applocker.loads loads an AppLocker Policy XML string.
>>> applocker.loads('<AppLockerPolicy Version="1" />')
In addition to loading an existing AppLocker Policy, policies created using the relevant Conditions, Rules and Rule Collections can be dumped to an XML file using the applocker.dump function.
>>> with open('example.xml', 'w') as file:
...     applocker.dump(policy, file)
Or to an XML string using the applocker.dumps function.
>>> applocker.dumps(policy)
FilePublisherRule
To create a file publisher AppLocker rule to allow or deny digitally signed files, an applocker.conditions.FilePublisherCondition must be created, optionally specifying an applocker.conditions.BinaryVersionRange.
This condition can then be used to create an applocker.rules.FilePublisherRule.
>>> from applocker.conditions import BinaryVersionRange, FilePublisherCondition
>>> from applocker.rules import FilePublisherRule
>>> binary_version_range = BinaryVersionRange(low_section='10.0.19041.1', high_section='10.0.19041.1')
>>> condition = FilePublisherCondition(
...     publisher_name='O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US',
...     product_name='MICROSOFT® WINDOWS® OPERATING SYSTEM',
...     binary_name='CMD.EXE',
...     binary_version_range=binary_version_range
... )
>>> rule = FilePublisherRule(
...     id='00000000-0000-0000-0000-000000000000',
...     name='Deny everyone execution of cmd.exe',
...     description='',
...     user_or_group_sid='S-1-1-0',
...     action='Deny',
...     conditions=[
...         condition
...     ]
... )
FilePathRule
To create a file path AppLocker rule to allow or deny files based upon their path, an applocker.conditions.FilePathCondition condition must be created.
This condition can then be used to create an applocker.rules.FilePathRule.
>>> from applocker.conditions import FilePathCondition
>>> from applocker.rules import FilePathRule
>>> # Raw string so the backslashes in the Windows path are not read as escape sequences
>>> condition = FilePathCondition(path=r'C:\Windows\System32\cmd.exe')
>>> rule = FilePathRule(
...     id='00000000-0000-0000-0000-000000000000',
...     name='Deny everyone execution of cmd.exe',
...     description='',
...     user_or_group_sid='S-1-1-0',
...     action='Deny',
...     conditions=[
...         condition
...     ]
... )
FileHashRule
To create a file hash AppLocker rule to allow or deny files based upon their hash, one or more applocker.conditions.FileHash objects and an applocker.conditions.FileHashCondition condition must be created.
This condition can then be used to create an applocker.rules.FileHashRule.
>>> from applocker.conditions import FileHash, FileHashCondition
>>> from applocker.rules import FileHashRule
>>> # Named file_hash rather than hash to avoid shadowing the built-in hash()
>>> file_hash = FileHash(
...     type='SHA256',
...     data='0x9BB897814C6E1A2A2701D2ADB59AAC2BCACB9CF265DDF3F61B9056EA6FFE04C7',
...     source_file_name='cmd.exe',
...     source_file_length='289792'
... )
>>> condition = FileHashCondition(file_hashes=[file_hash])
>>> rule = FileHashRule(
...     id='00000000-0000-0000-0000-000000000000',
...     name='Deny everyone execution of cmd.exe',
...     description='',
...     user_or_group_sid='S-1-1-0',
...     action='Deny',
...     conditions=[
...         condition
...     ]
... )
RuleCollection
To create a rule collection, one or more rules must be created as described above.
These rules can then be used to create an applocker.rules.RuleCollection.
>>> from applocker.rules import RuleCollection
>>> rule_collection = RuleCollection(
...     type='Exe',
...     enforcement_mode='Enforcing',
...     rules=[
...         rule
...     ]
... )
AppLockerPolicy
To create an AppLocker Policy, one or more rule collections must be created as described above.
These rule collections can then be used to create an applocker.policy.AppLockerPolicy.
>>> from applocker.policy import AppLockerPolicy
>>> policy = AppLockerPolicy(
...     version='1',
...     rule_collections=[
...         rule_collection
...     ]
... )
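Reviewing a policy XML string before it is deployed, as an added example that is not part of the applocker module or its documentation: it uses only the standard library's xml.etree.ElementTree and goes beyond the rules built above by flagging collections that are not enforced and Everyone allow rules with a bare wildcard path. The audit_policy function, the sample policy and the choice of checks are assumptions of this example; element and attribute names follow the AppLocker policy XML schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (not from the page); element and attribute names
# follow the AppLocker policy XML schema.
SAMPLE_POLICY = r"""
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="00000000-0000-0000-0000-000000000001" Name="Allow Windows"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="00000000-0000-0000-0000-000000000002" Name="Allow everything"
                  Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
  <RuleCollection Type="Script" EnforcementMode="AuditOnly" />
</AppLockerPolicy>
"""

EVERYONE_SID = "S-1-1-0"
RULE_TAGS = ("FilePublisherRule", "FilePathRule", "FileHashRule")

def audit_policy(xml_text):
    """Return (collection_type, finding) tuples for a policy XML string."""
    # Parse only policies from a trusted source: ElementTree is not hardened
    # against maliciously constructed XML.
    root = ET.fromstring(xml_text)
    if root.tag != "AppLockerPolicy":
        raise ValueError("not an AppLocker policy: root is <%s>" % root.tag)
    findings = []
    for coll in root.findall("RuleCollection"):
        ctype = coll.get("Type", "?")
        mode = coll.get("EnforcementMode", "NotConfigured")
        if mode in ("AuditOnly", "NotConfigured"):
            findings.append((ctype, "collection is not enforced (EnforcementMode=%s)" % mode))
        for rule in coll:
            if rule.tag not in RULE_TAGS or rule.get("Action") != "Allow":
                continue
            if rule.get("UserOrGroupSid") != EVERYONE_SID:
                continue
            # An Everyone allow rule whose path is a bare wildcard permits any file.
            for cond in rule.findall("Conditions/FilePathCondition"):
                if cond.get("Path", "").strip() in ("*", "*.*"):
                    findings.append((ctype, "rule %r allows Everyone to run any path" % rule.get("Name", "")))
    return findings

if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```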
File details
Details for the file applocker-1.1.1.tar.gz.
File metadata
- Download URL: applocker-1.1.1.tar.gz
- Upload date:
- Size: 7.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.0 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.8.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | 08ffee65cf1c3ebda2592a2dd9d51d34ad07d8e736b9424f2eda78ace9a44c4e
MD5 | 0bfc328ec51c760a7a5c8b7297c1c585
BLAKE2b-256 | 9bd1337df29765e34f31ac4a671843b558627302f2d7384a7e1b7e3bedd1d310
File details
Details for the file applocker-1.1.1-py3-none-any.whl.
File metadata
- Download URL: applocker-1.1.1-py3-none-any.whl
- Upload date:
- Size: 13.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/47.1.0 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.8.5
File hashes
Algorithm | Hash digest
---|---
SHA256 | f3bc1d421c2c2e817f795a5909949e6d2be58c07a05a574ed3e75b4bab2e1bfc
MD5 | 1e45d1990a3853726c86db7d4391a5f5
BLAKE2b-256 | 63a61cac098c8ba20abca31e7958298008943a1ff6e92c9fe124e6acfd834830