Merge pull request #855 from devagupt/3.0
Change in permissions for windows config file
MoodyMudit authored May 29, 2020
2 parents 3173f30 + 6f8021d commit 0af8fdb
Showing 1 changed file with 53 additions and 35 deletions.
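--- a/pkg/windows/hubble_config_permissions.ps1
+++ b/pkg/windows/hubble_config_permissions.ps1
@@ -1,35 +1,53 @@
-$hubble_path = $args[0]
-$hubble_conf_path = $hubble_path + "\etc\hubble\"
-Write-Host $hubble_conf_path
-$acl = Get-Acl $hubble_conf_path
-
-$acl.SetAccessRuleProtection($true, $false)
-foreach ($access in $acl.Access) {
-$acl.RemoveAccessRule($access)
-}
-Set-Acl $hubble_conf_path $acl
-Write-Host "Succesfully removed all permissions from file"
-
-$acl = Get-Acl $hubble_conf_path
-$inheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
-$propagationFlag = [System.Security.AccessControl.PropagationFlags]::None
-$permType = [System.Security.AccessControl.AccessControlType]::Allow
-$grantedPerm = 'FullControl'
-
-$systemSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')
-$systemUser = $systemSid.Translate([System.Security.Principal.NTAccount])
-Write-Host $systemUser
-
-$adminsSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
-$adminsGroup = $adminsSid.Translate([System.Security.Principal.NTAccount])
-Write-Host $adminsGroup
-
-$permGroups = @($systemUser, $adminsGroup)
-foreach ($accnt in $permGroups) {
-$permission = $accnt.Value, $grantedPerm, $inheritanceFlag, $propagationFlag, $permType
-$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
-Write-Host $accessRule
-$acl.SetAccessRule($accessRule)
-}
-$acl.SetOwner($adminsGroup)
-Set-Acl $hubble_conf_path $acl
+$hubble_path = $args[0]
+$hubble_conf_path = $hubble_path + "\etc\hubble"
+$hubble_conf_file_path = $hubble_conf_path + "\hubble.conf"
+Write-Host $hubble_conf_path
+$acl = Get-Acl $hubble_conf_path
+
+$acl.SetAccessRuleProtection($true, $false)
+foreach ($access in $acl.Access) {
+$acl.RemoveAccessRule($access)
+}
+Set-Acl $hubble_conf_path $acl
+Write-Host "Successfully removed all permissions from file"
+
+$acl = Get-Acl $hubble_conf_path
+$inheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
+$propagationFlag = [System.Security.AccessControl.PropagationFlags]::None
+$permType = [System.Security.AccessControl.AccessControlType]::Allow
+$grantedPerm = 'FullControl'
+
+$systemSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')
+$systemUser = $systemSid.Translate([System.Security.Principal.NTAccount])
+Write-Host $systemUser
+
+$adminsSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
+$adminsGroup = $adminsSid.Translate([System.Security.Principal.NTAccount])
+Write-Host $adminsGroup
+
+$permGroups = @($systemUser, $adminsGroup)
+foreach ($accnt in $permGroups) {
+$permission = $accnt.Value, $grantedPerm, $inheritanceFlag, $propagationFlag, $permType
+$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
+Write-Host $accessRule
+$acl.SetAccessRule($accessRule)
+}
+$acl.SetOwner($adminsGroup)
+Set-Acl $hubble_conf_path $acl
+
+$items = Get-ChildItem -Recurse -Path $hubble_conf_path
+foreach ($item in $items) {
+$acl = Get-Acl -Path $item.FullName
+$acl.SetOwner($adminsGroup)
+Set-Acl $item.FullName $acl
+}
+
+$file_acl = Get-Acl $hubble_conf_file_path
+foreach ($accnt in $permGroups) {
+$permission = $accnt.Value, $grantedPerm, 'None', $propagationFlag, $permType
+$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
+Write-Host $accessRule
+$file_acl.SetAccessRule($accessRule)
+}
+$file_acl.SetOwner($adminsGroup)
+Set-Acl $hubble_conf_file_path $file_acl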
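Review bot: The final hubble.conf step (from `$file_acl = Get-Acl $hubble_conf_file_path` on) only adds allow rules for SYSTEM and Administrators; it never protects the file's ACL or removes the entries already on it, so any explicit ACE that another principal holds on hubble.conf survives the lockdown. Mirror the directory handling before the grant loop: `$file_acl.SetAccessRuleProtection($true, $false)` and `foreach ($access in $file_acl.Access) { $file_acl.RemoveAccessRule($access) }`. The `Get-ChildItem -Recurse` loop has the same gap for every other child, since it resets only the owner. Separately, `$args[0]` is used unchecked, so an empty argument would make the script rewrite the ACL of `\etc\hubble` on the current drive; a guard such as `if (-not $hubble_path -or -not (Test-Path $hubble_conf_path)) { throw "hubble config path not found" }` before the first `Get-Acl` would stop that.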
