ceramicskate0 / SWELF

Simple Windows Event Log Forwarder (SWELF). It's an easy-to-use, simply-works log forwarder and EVTX parser. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
https://ceramicskate0.github.io/SWELF/
GNU Affero General Public License v3.0

Lock down install dir for SWELF #109

Open ceramicskate0 opened 5 years ago

ceramicskate0 commented 5 years ago

Lock down the dir and Splunk dirs/configs at the file level.

ceramicskate0 commented 4 years ago

This is a folder permissions issue. If not fixed, it could allow PrivEsc in the OS. This needs to be done to all files and folders SWELF uses.

ceramicskate0 commented 4 years ago

https://docs.microsoft.com/en-us/dotnet/api/system.io.directory.setaccesscontrol?view=netframework-4.8

ceramicskate0 commented 4 years ago

https://docs.microsoft.com/en-us/dotnet/api/system.io.file.setaccesscontrol?view=netframework-4.8

ceramicskate0 commented 4 years ago

https://docs.microsoft.com/en-us/dotnet/api/system.security.permissions.fileiopermission?view=netframework-4.8

ceramicskate0 commented 4 years ago

Since it can be run from any dir, I will give the user a command line option to run that will take care of SWELF's currently running dir.
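One way to implement the lock-down step discussed in this thread, using the Directory/File SetAccessControl APIs linked above. This is an added example written against .NET Framework 4.8, not SWELF's own code; the `InstallDirLockdown` class, the `LockDown` method and the `--lockdown` switch are assumptions, and it must run elevated because a low-privileged user cannot rewrite the ACL or the owner.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

// Added example (not SWELF code): restrict a directory tree so that only SYSTEM and the
// local Administrators group can read or modify anything in it.
static class InstallDirLockdown
{
    public static void LockDown(string dir)
    {
        var dirInfo = new DirectoryInfo(dir);
        var system = new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null);
        var admins = new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
        const InheritanceFlags inherit = InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit;

        var security = new DirectorySecurity();
        // Stop inheriting permissive ACEs (e.g. Users: Modify) from the parent and do not keep copies of them.
        security.SetAccessRuleProtection(isProtected: true, preserveInheritance: false);
        security.AddAccessRule(new FileSystemAccessRule(system, FileSystemRights.FullControl, inherit, PropagationFlags.None, AccessControlType.Allow));
        security.AddAccessRule(new FileSystemAccessRule(admins, FileSystemRights.FullControl, inherit, PropagationFlags.None, AccessControlType.Allow));
        // The owner gets implicit WRITE_DAC, so make it Administrators rather than whoever unpacked the release.
        security.SetOwner(admins);
        dirInfo.SetAccessControl(security);

        // Files and subfolders that already exist may carry their own explicit or protected ACEs;
        // strip those so every item simply inherits the two rules set on the top-level directory.
        foreach (var sub in dirInfo.EnumerateDirectories("*", SearchOption.AllDirectories))
        { var ds = sub.GetAccessControl(); ResetToInherited(ds); sub.SetAccessControl(ds); }
        foreach (var file in dirInfo.EnumerateFiles("*", SearchOption.AllDirectories))
        { var fs = file.GetAccessControl(); ResetToInherited(fs); file.SetAccessControl(fs); }
    }

    static void ResetToInherited(FileSystemSecurity sec)
    {
        // GetAccessRules(includeExplicit, includeInherited, targetType): remove only the explicit rules.
        foreach (FileSystemAccessRule rule in sec.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            sec.RemoveAccessRuleAll(rule);
        // Re-enable inheritance so the item picks up the parent's SYSTEM/Administrators rules.
        sec.SetAccessRuleProtection(isProtected: false, preserveInheritance: false);
    }

    // Assumed command-line switch (not in SWELF): lock down the directory the binary runs from.
    static void Main(string[] args)
    { if (args.Length > 0 && args[0] == "--lockdown") LockDown(AppDomain.CurrentDomain.BaseDirectory); }
}
```

After running, `icacls <dir>` should list only `NT AUTHORITY\SYSTEM:(OI)(CI)(F)` and `BUILTIN\Administrators:(OI)(CI)(F)` on the directory, with child entries marked `(I)` for inherited.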