Merge pull request #104 from TrimarcJake/fix-auditingissues-esc6
Fixes "Unable to index into an object..." Errors
TrimarcJake authored Jan 20, 2024
2 parents a4383fc + f4d1277 commit 890364b
Showing 4 changed files with 26 additions and 36 deletions.
31 changes: 13 additions & 18 deletions Invoke-Locksmith.ps1
@@ -61,16 +61,14 @@ function Find-AuditingIssue {
Name = $_.Name
DistinguishedName = $_.DistinguishedName
Technique = 'DETECT'
Issue = "Auditing is not fully enabled on $($_.CAFullName). Current value is $($_.AuditFilter)"
Fix = "certutil.exe -config `'$($_.CAFullname)`' -setreg `'CA\AuditFilter`' 127; Invoke-Command -ComputerName `'$($_.dNSHostName)`' -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
Revert = "certutil.exe -config $($_.CAFullname) -setreg CA\AuditFilter $($_.AuditFilter); Invoke-Command -ComputerName `'$($_.dNSHostName)`' -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
}
if ($_.AuditFilter -match 'CA Unavailable') {
$Issue['Issue'] = $_.AuditFilter
$Issue['Fix'] = 'N/A'
$Issue['Revert'] = 'N/A'
}
else {
$Issue['Issue'] = "Auditing is not fully enabled on $($_.CAFullName). Current value is $($_.AuditFilter)"
$Issue['Fix'] = "certutil.exe -config `'$($_.CAFullname)`' -setreg `'CA\AuditFilter`' 127; Invoke-Command -ComputerName `'$($_.dNSHostName)`' -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue['Revert'] = "certutil.exe -config $($_.CAFullname) -setreg CA\AuditFilter $($_.AuditFilter); Invoke-Command -ComputerName `'$($_.dNSHostName)`' -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue.Issue = $_.AuditFilter
$Issue.Fix = 'N/A'
$Issue.Revert = 'N/A'
}
$Issue
}
@@ -417,18 +415,15 @@ function Find-ESC6 {
Name = $_.Name
DistinguishedName = $_.DistinguishedName
Technique = 'ESC6'
Issue = $_.AuditFilter
Fix = 'N/A'
Revert = 'N/A'
}
if ($_.SANFlag -eq 'Yes') {
$Issue['Issue'] = 'EDITF_ATTRIBUTESUBJECTALTNAME2 is enabled.'
$Issue['Fix'] = "certutil -config $CAFullname -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2; Invoke-Command -ComputerName `"$($_.dNSHostName)`" -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue['Revert'] = "certutil -config $CAFullname -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2; Invoke-Command -ComputerName `"$($_.dNSHostName)`" -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue.Issue = 'EDITF_ATTRIBUTESUBJECTALTNAME2 is enabled.'
$Issue.Fix = "certutil -config $CAFullname -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2; Invoke-Command -ComputerName `"$($_.dNSHostName)`" -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue.Revert = "certutil -config $CAFullname -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2; Invoke-Command -ComputerName `"$($_.dNSHostName)`" -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
}
else {
$Issue['Issue'] = $_.AuditFilter
$Issue['Fix'] = 'N/A'
$Issue['Revert'] = 'N/A'
}

$Issue
}
}
@@ -455,7 +450,7 @@ function Find-ESC8 {
Technique = 'ESC8'
}
if ($_.CAEnrollmentEndpoint -like '^https*') {
$Issue['Issue'] = 'HTTPS enrollment is enabled.'
$Issue.Issue = 'HTTPS enrollment is enabled.'
}
$Issue
}
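Review bot: The condition `$_.CAEnrollmentEndpoint -like '^https*'` in the Find-ESC8 hunk cannot match an HTTPS URL, because `-like` takes wildcard patterns and treats `^` as a literal character rather than a start-of-string anchor. As written, the 'HTTPS enrollment is enabled.' text is never assigned, so an HTTPS endpoint is presumably reported with whatever default Issue text the object is built with above the hunk. Since ESC8 findings hinge on whether the enrollment endpoint is HTTP or HTTPS, use `if ($_.CAEnrollmentEndpoint -like 'https*') {` or `-match '^https'`. The same line is carried in Private/Find-ESC8.ps1.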
14 changes: 6 additions & 8 deletions Private/Find-AuditingIssue.ps1
@@ -13,16 +13,14 @@
Name = $_.Name
DistinguishedName = $_.DistinguishedName
Technique = 'DETECT'
Issue = "Auditing is not fully enabled on $($_.CAFullName). Current value is $($_.AuditFilter)"
Fix = "certutil.exe -config `'$($_.CAFullname)`' -setreg `'CA\AuditFilter`' 127; Invoke-Command -ComputerName `'$($_.dNSHostName)`' -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
Revert = "certutil.exe -config $($_.CAFullname) -setreg CA\AuditFilter $($_.AuditFilter); Invoke-Command -ComputerName `'$($_.dNSHostName)`' -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
}
if ($_.AuditFilter -match 'CA Unavailable') {
$Issue['Issue'] = $_.AuditFilter
$Issue['Fix'] = 'N/A'
$Issue['Revert'] = 'N/A'
}
else {
$Issue['Issue'] = "Auditing is not fully enabled on $($_.CAFullName). Current value is $($_.AuditFilter)"
$Issue['Fix'] = "certutil.exe -config `'$($_.CAFullname)`' -setreg `'CA\AuditFilter`' 127; Invoke-Command -ComputerName `'$($_.dNSHostName)`' -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue['Revert'] = "certutil.exe -config $($_.CAFullname) -setreg CA\AuditFilter $($_.AuditFilter); Invoke-Command -ComputerName `'$($_.dNSHostName)`' -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue.Issue = $_.AuditFilter
$Issue.Fix = 'N/A'
$Issue.Revert = 'N/A'
}
$Issue
}
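Review bot: The default `Revert` string passes the CA name unquoted (`-config $($_.CAFullname)`), while the `Fix` string beside it wraps the same value in escaped single quotes. A CA name containing a space would be split into separate arguments when an operator runs the emitted revert command, so the original audit filter would not be restored as intended. Quote it the same way as Fix: `` certutil.exe -config `'$($_.CAFullname)`' -setreg `'CA\AuditFilter`' $($_.AuditFilter) ``. The function body starts outside the hunk, and the same lines appear in the Find-AuditingIssue hunk of Invoke-Locksmith.ps1.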
15 changes: 6 additions & 9 deletions Private/Find-ESC6.ps1
@@ -15,18 +15,15 @@
Name = $_.Name
DistinguishedName = $_.DistinguishedName
Technique = 'ESC6'
Issue = $_.AuditFilter
Fix = 'N/A'
Revert = 'N/A'
}
if ($_.SANFlag -eq 'Yes') {
$Issue['Issue'] = 'EDITF_ATTRIBUTESUBJECTALTNAME2 is enabled.'
$Issue['Fix'] = "certutil -config $CAFullname -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2; Invoke-Command -ComputerName `"$($_.dNSHostName)`" -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue['Revert'] = "certutil -config $CAFullname -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2; Invoke-Command -ComputerName `"$($_.dNSHostName)`" -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue.Issue = 'EDITF_ATTRIBUTESUBJECTALTNAME2 is enabled.'
$Issue.Fix = "certutil -config $CAFullname -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2; Invoke-Command -ComputerName `"$($_.dNSHostName)`" -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
$Issue.Revert = "certutil -config $CAFullname -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2; Invoke-Command -ComputerName `"$($_.dNSHostName)`" -ScriptBlock { Get-Service -Name `'certsvc`' | Restart-Service -Force }"
}
else {
$Issue['Issue'] = $_.AuditFilter
$Issue['Fix'] = 'N/A'
$Issue['Revert'] = 'N/A'
}

$Issue
}
}
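Review bot: The `Fix` and `Revert` strings interpolate `$CAFullname`, which is not assigned anywhere in this hunk, whereas Find-AuditingIssue reads `$($_.CAFullname)` from the pipeline object. If the variable is not set earlier in the function (outside the hunk), the emitted certutil command has an empty `-config` target. The value is also unquoted, so a CA name containing a space would break the command. If the object carries CAFullName here as it does in Find-AuditingIssue, use `` certutil -config `'$($_.CAFullname)`' -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 `` and the matching `+` form in Revert. The same lines appear in the Find-ESC6 hunk of Invoke-Locksmith.ps1.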
2 changes: 1 addition & 1 deletion Private/Find-ESC8.ps1
@@ -19,7 +19,7 @@
Technique = 'ESC8'
}
if ($_.CAEnrollmentEndpoint -like '^https*') {
$Issue['Issue'] = 'HTTPS enrollment is enabled.'
$Issue.Issue = 'HTTPS enrollment is enabled.'
}
$Issue
}