From be3dbb751e10af2be7bf988f5a2a4221fe0e91fd Mon Sep 17 00:00:00 2001
From: Devansh Gupta
Date: Thu, 28 May 2020 18:07:03 +0530
Subject: [PATCH 1/2] Changing permissions for hubble.conf
---
pkg/windows/hubble_config_permissions.ps1 | 88 ++++++++++++++---------
1 file changed, 53 insertions(+), 35 deletions(-)
diff --git a/pkg/windows/hubble_config_permissions.ps1 b/pkg/windows/hubble_config_permissions.ps1
index c936bc9bc..69c776522 100644
--- a/pkg/windows/hubble_config_permissions.ps1
+++ b/pkg/windows/hubble_config_permissions.ps1
@@ -1,35 +1,53 @@
-$hubble_path = $args[0]
-$hubble_conf_path = $hubble_path + "\etc\hubble\"
-Write-Host $hubble_conf_path
-$acl = Get-Acl $hubble_conf_path
-
-$acl.SetAccessRuleProtection($true, $false)
-foreach ($access in $acl.Access) {
- $acl.RemoveAccessRule($access)
-}
-Set-Acl $hubble_conf_path $acl
-Write-Host "Succesfully removed all permissions from file"
-
-$acl = Get-Acl $hubble_conf_path
-$inheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
-$propagationFlag = [System.Security.AccessControl.PropagationFlags]::None
-$permType = [System.Security.AccessControl.AccessControlType]::Allow
-$grantedPerm = 'FullControl'
-
-$systemSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')
-$systemUser = $systemSid.Translate([System.Security.Principal.NTAccount])
-Write-Host $systemUser
-
-$adminsSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
-$adminsGroup = $adminsSid.Translate([System.Security.Principal.NTAccount])
-Write-Host $adminsGroup
-
-$permGroups = @($systemUser, $adminsGroup)
-foreach ($accnt in $permGroups) {
- $permission = $accnt.Value, $grantedPerm, $inheritanceFlag, $propagationFlag, $permType
- $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
- Write-Host $accessRule
- $acl.SetAccessRule($accessRule)
- }
-$acl.SetOwner($adminsGroup)
-Set-Acl $hubble_conf_path $acl
\ No newline at end of file
+$hubble_path = $args[0]
+$hubble_conf_path = $hubble_path + "\etc\hubble"
+$hubble_conf_file_path = $hubble_conf_path + "\hubble.conf"
+Write-Host $hubble_conf_path
+$acl = Get-Acl $hubble_conf_path
+
+$acl.SetAccessRuleProtection($true, $false)
+foreach ($access in $acl.Access) {
+ $acl.RemoveAccessRule($access)
+}
+Set-Acl $hubble_conf_path $acl
+Write-Host "Successfully removed all permissions from file"
+
+$acl = Get-Acl $hubble_conf_path
+$inheritanceFlag = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
+$propagationFlag = [System.Security.AccessControl.PropagationFlags]::None
+$permType = [System.Security.AccessControl.AccessControlType]::Allow
+$grantedPerm = 'FullControl'
+
+$systemSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-18')
+$systemUser = $systemSid.Translate([System.Security.Principal.NTAccount])
+Write-Host $systemUser
+
+$adminsSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
+$adminsGroup = $adminsSid.Translate([System.Security.Principal.NTAccount])
+Write-Host $adminsGroup
+
+$permGroups = @($systemUser, $adminsGroup)
+foreach ($accnt in $permGroups) {
+ $permission = $accnt.Value, $grantedPerm, $inheritanceFlag, $propagationFlag, $permType
+ $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
+ Write-Host $accessRule
+ $acl.SetAccessRule($accessRule)
+ }
+$acl.SetOwner($adminsGroup)
+Set-Acl $hubble_conf_path $acl
+
+$items = Get-ChildItem -Recurse -Path $hubble_conf_path
+foreach ($item in $items) {
+ $acl = Get-Acl -Path $item.FullName
+ $acl.SetOwner($adminsGroup)
+ Set-Acl $item.FullName $acl
+}
+
+$acl1 = Get-Acl $hubble_conf_file_path
+foreach ($accnt in $permGroups) {
+ $permission = $accnt.Value, $grantedPerm, 'None', $propagationFlag, $permType
+ $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
+ Write-Host $accessRule
+ $acl1.SetAccessRule($accessRule)
+ }
+$acl1.SetOwner($adminsGroup)
+Set-Acl $hubble_conf_file_path $acl1
\ No newline at end of file
From 6f8021d73ca1495247bf061a8a07a38d62d1f63b Mon Sep 17 00:00:00 2001
From: Devansh Gupta
Date: Thu, 28 May 2020 18:56:00 +0530
Subject: [PATCH 2/2] Changing variable name
---
pkg/windows/hubble_config_permissions.ps1 | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
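Review bot: The hubble.conf block at the end of the [PATCH 1/2] hunk only adds Allow rules for SYSTEM and Administrators, so it does not guarantee that nobody else can read or modify the file. `SetAccessRule` replaces rules for those two identities only and leaves any explicit ACE another principal already holds on hubble.conf, and the `Get-ChildItem -Recurse` loop before it changes owners without touching the children's DACLs. The directory is stripped first with `SetAccessRuleProtection($true, $false)` and a `RemoveAccessRule` loop; the file needs the same before its rules are added, e.g. `$acl1.SetAccessRuleProtection($true, $false)` followed by `foreach ($access in $acl1.Access) { $acl1.RemoveAccessRule($access) }`, all written with the single existing `Set-Acl` so the file never sits with an empty DACL. Separately, `$args[0]` is not validated and `Get-Acl` errors are non-terminating by default, so a wrong path or a missing hubble.conf lets the script continue with a null ACL object; `$ErrorActionPreference = 'Stop'` at the top would make the installer step fail visibly instead.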
diff --git a/pkg/windows/hubble_config_permissions.ps1 b/pkg/windows/hubble_config_permissions.ps1
index 69c776522..ad4fe9044 100644
--- a/pkg/windows/hubble_config_permissions.ps1
+++ b/pkg/windows/hubble_config_permissions.ps1
@@ -42,12 +42,12 @@ foreach ($item in $items) {
 Set-Acl $item.FullName $acl
 }
 
-$acl1 = Get-Acl $hubble_conf_file_path
+$file_acl = Get-Acl $hubble_conf_file_path
 foreach ($accnt in $permGroups) {
 $permission = $accnt.Value, $grantedPerm, 'None', $propagationFlag, $permType
 $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
 Write-Host $accessRule
- $acl1.SetAccessRule($accessRule)
+ $file_acl.SetAccessRule($accessRule)
 }
-$acl1.SetOwner($adminsGroup)
-Set-Acl $hubble_conf_file_path $acl1
\ No newline at end of file
+$file_acl.SetOwner($adminsGroup)
+Set-Acl $hubble_conf_file_path $file_acl
\ No newline at end of file