Windows Audit Policy parser and emitter for Python

Project description

AuditPol

The auditpol module allows you to easily parse and create Windows Audit Policy CSV files in Python.

Installation

To install the auditpol module via pip, run the command:

$ pip install auditpol

Usage

Start by importing the auditpol module.

>>> import auditpol

The function auditpol.load loads an audit policy CSV file.

>>> with open('example.csv', 'r') as file:
...     auditpol.load(file)

In addition to loading an existing audit policy, you can build a policy from subcategory settings, audit options or global object access audit settings (each described below) and write it to a CSV file with the auditpol.dump function.

>>> with open('example.csv', 'w') as file:
...     auditpol.dump(policy, file)

SubcategorySetting

To create a system subcategory setting as part of an audit policy, an auditpol.subcategories.Subcategory and an auditpol.settings.SettingValue must be created.

These can then be used to create an auditpol.settings.SubcategorySetting.

>>> from auditpol.subcategories import Subcategory
>>> from auditpol.settings import SettingValue, SubcategorySetting

>>> subcategory = Subcategory(
...     id='{0CCE922B-69AE-11D9-BED3-505054503030}',
...     name='Process Creation'
... )

>>> inclusion_setting = SettingValue(
...     success=True,
...     failure=True
... )

>>> subcategory_setting = SubcategorySetting(
...     subcategory=subcategory,
...     inclusion_setting=inclusion_setting
... )

AuditOption

To create an audit option as part of an audit policy, an auditpol.settings.OptionValue must be created.

This can then be used to create an auditpol.settings.AuditOption.

>>> from auditpol.settings import OptionValue, AuditOption

>>> value = OptionValue(
...     enabled=True
... )

>>> audit_option = AuditOption(
...     type='CrashOnAuditFail',
...     value=value
... )

GlobalObjectAccessAuditSetting

To create a global object access audit setting, an auditpol.settings.GlobalObjectAccessAuditSetting must be created.

>>> from auditpol.settings import GlobalObjectAccessAuditSetting

>>> global_object_access_audit_setting = GlobalObjectAccessAuditSetting(
...     type='RegistryGlobalSacl',
...     sacl='S:(AU;SA;FA;;;WD)'
... )

AuditPolicy

To create an audit policy, one or more subcategory settings, audit options or global object access audit settings must be created as described above.

These settings can then be used to create an auditpol.policy.AuditPolicy.

>>> from auditpol.policy import AuditPolicy

>>> policy = AuditPolicy(
...     settings=[
...         subcategory_setting,
...         audit_option,
...         global_object_access_audit_setting
...     ]
... )
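
To show what an audit policy CSV file holds and how one can be checked against a logging baseline, here is an added example that is not part of the auditpol project and does not use its API; it reads the CSV with the standard library only. The column layout is assumed to be the one written by `auditpol /backup`, and the sample rows, the `REQUIRED` baseline and both function names are constructed for illustration.

```python
import csv
import io

# Constructed sample; column layout assumed to match `auditpol /backup` output.
SAMPLE_CSV = """\
Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting,Setting Value
,System,Process Creation,{0CCE922B-69AE-11D9-BED3-505054503030},Success,,1
,System,Logon,{0CCE9215-69AE-11D9-BED3-505054503030},Success and Failure,,3
,,Option:CrashOnAuditFail,,Disabled,,0
"""

# Setting Value is treated as a bitmask: 1 = Success, 2 = Failure, 3 = both.
SUCCESS, FAILURE = 1, 2

# Hypothetical baseline: subcategory GUID -> bits that must be audited.
REQUIRED = {
    "{0CCE922B-69AE-11D9-BED3-505054503030}": SUCCESS | FAILURE,  # Process Creation
    "{0CCE9215-69AE-11D9-BED3-505054503030}": SUCCESS | FAILURE,  # Logon
    "{0CCE9216-69AE-11D9-BED3-505054503030}": SUCCESS,            # Logoff
}


def parse_subcategories(text):
    """Return {GUID: setting value} for subcategory rows only."""
    settings = {}
    for row in csv.DictReader(io.StringIO(text)):
        guid = (row.get("Subcategory GUID") or "").strip().upper()
        if not guid:  # audit options and global SACL rows carry no GUID
            continue
        try:
            settings[guid] = int(row.get("Setting Value"))
        except (TypeError, ValueError):
            settings[guid] = 0  # unreadable value is treated as "No Auditing"
    return settings


def missing_auditing(settings, required=REQUIRED):
    """Return {GUID: ['Success'/'Failure', ...]} for events not being audited."""
    gaps = {}
    for guid, need in required.items():
        # A subcategory absent from the file counts as not audited at all.
        lacking = need & ~settings.get(guid.upper(), 0)
        if lacking:
            gaps[guid] = [name for bit, name in
                          ((SUCCESS, "Success"), (FAILURE, "Failure")) if lacking & bit]
    return gaps


if __name__ == "__main__":
    print(missing_auditing(parse_subcategories(SAMPLE_CSV)))
```

On the sample, Process Creation is reported as missing Failure auditing, and Logoff is reported as missing Success auditing because the file has no row for it.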
