Module/Rule.WinEventLog/Convert/WinEventLogRule.Convert.psm1

# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License.
using module .\..\..\Common\Common.psm1
using module .\..\WinEventLogRule.psm1

# Load the helper scripts that sit next to this module. Every item returned for
# $PSScriptRoot is dot-sourced, except this file itself and anything matching
# 'Template.*.txt', so whatever those files define runs in the current scope.
# NOTE(review): there is no extension filter or signature check here - any other
# item placed in this directory is executed when the module is imported, so the
# folder should be writable only by accounts trusted to change the module.
# Confirm the directory holds only the intended support scripts.
$exclude = @($MyInvocation.MyCommand.Name,'Template.*.txt')
$supportFileList = Get-ChildItem -Path $PSScriptRoot -Exclude $exclude
foreach ($supportFile in $supportFileList)
{
    # Verbose trace of each file; useful when auditing what an import pulled in.
    Write-Verbose "Loading $($supportFile.FullName)"
    . $supportFile.FullName
}
# Header

<#
    .SYNOPSIS
        Convert the contents of an xccdf check-content element into a
        WinEventLogRuleConvert object
    .DESCRIPTION
        The WinEventLogRuleConvert class is used to extract the windows event log settings
        from the check-content of the xccdf. Once a STIG rule is identified as a
        windows event log rule, it is passed to the WinEventLogRuleConvert class for
        parsing and validation.
 
#>

class WinEventLogRuleConvert : WinEventLogRule
{
    <#
        .SYNOPSIS
            Parameterless constructor; performs no initialisation
            (the original comment says it exists for SplitFactory)
    #>

    WinEventLogRuleConvert ()
    {
    }

    <#
        .SYNOPSIS
            Builds a Win EventLog rule from an xccdf STIG rule element
        .DESCRIPTION
            Hands the element to the base constructor, then fills in the log
            name, the enabled flag and the duplicate marker. If the rule is
            reported as already present in $global:stigSettings, a new id is
            requested from Get-AvailableId. The DSC resource is chosen last
            because it depends on the duplicate marker.
        .PARAMETER XccdfRule
            The STIG rule element to convert
    #>

    WinEventLogRuleConvert ([xml.xmlelement] $XccdfRule) : base ($XccdfRule, $true)
    {
        $this.SetWinEventLogName()
        $this.SetWinEventLogIsEnabled()
        $this.SetDuplicateRule()

        # NOTE(review): this reads a global variable, so the outcome depends on
        # what the caller has loaded into $global:stigSettings beforehand.
        $alreadyPresent = $this.IsExistingRule($global:stigSettings)
        if ($alreadyPresent)
        {
            $this.set_id((Get-AvailableId -Id $XccdfRule.id))
        }

        $this.SetDscResource()
    }

    #region Methods

    <#
        .SYNOPSIS
            Reads the event log name from the check-content and stores it
        .DESCRIPTION
            Passes SplitCheckContent to Get-DnsServerWinEventLogName. The
            result is handed to SetStatus; LogName is only assigned when
            SetStatus returns a false value (presumably meaning the value was
            accepted - confirm against the base class).
    #>

    [void] SetWinEventLogName ()
    {
        $logName = Get-DnsServerWinEventLogName -StigString $this.SplitCheckContent

        # A true result from SetStatus means the name is not stored.
        if ($this.SetStatus($logName))
        {
            return
        }

        $this.set_LogName($logName)
    }

    <#
        .SYNOPSIS
            Picks the DSC resource for this rule
        .DESCRIPTION
            Rules with a DuplicateOf value get 'None'; all other rules get
            'xWinEventLog'.
    #>

    hidden [void] SetDscResource ()
    {
        if ($null -ne $this.DuplicateOf)
        {
            $this.DscResource = 'None'
            return
        }

        $this.DscResource = 'xWinEventLog'
    }

    <#
        .SYNOPSIS
            Sets the event log enabled flag
        .DESCRIPTION
            Nothing is parsed from the check-content here: IsEnabled is set to
            $true unconditionally, and the parser status is not touched.
    #>

    [void] SetWinEventLogIsEnabled ()
    {
        # The DNS STIG always sets this to true
        $this.IsEnabled = $true
    }

    <#
        .SYNOPSIS
            Tests whether check-content looks like a windows event log rule
        .DESCRIPTION
            Returns $true only when the text contains both 'Logs\Microsoft'
            and 'eventvwr.msc'. -Match is a case-insensitive regex test.
        .PARAMETER CheckContent
            The check-content text of the STIG rule
    #>

    static [bool] Match ([string] $CheckContent)
    {
        $mentionsLogPath = $CheckContent -Match 'Logs\\Microsoft'
        $mentionsViewer = $CheckContent -Match 'eventvwr\.msc'

        return ($mentionsLogPath -and $mentionsViewer)
    }
    #endregion
}