{*******************************************************} { } { VulnerabilityService } { } { Copyright (C) 2022 kku } { } {*******************************************************} unit VulnerabilityService; interface uses Tocsg.Obj, System.SysUtils, System.Classes, Tocsg.Thread, SecureApp, Winapi.Windows, ManagerModel; type TVulnerabilityService = class; TThdVulSvc = class(TTgThread) private bFirstCheck_: Boolean; Vul_: TVulnerabilityService; IgrBlockApps_: TStringList; dtVulTime_: TDateTime; // 최초 취약을 인지한 시간 23_0419 09:02:36 kku protected procedure Execute; override; public Constructor Create(aVul: TVulnerabilityService); Destructor Destroy; override; end; // UI 업데이트 수를 줄이기 위해 변경된 부분 체크 추가 22_0504 17:00:59 kku PCheckRefreshView = ^TCheckRefreshView; TCheckRefreshView = packed record BS1ModeKind: Integer; NicService_GetIP, AgentModel_EmpNo, AgentModel_Location, // PrefModel_SleepBlockType, PrefModel_NetworkBlockType: String; IsServiceAvailable, PrefModel_WhiteApp, PrefModel_BlackApp, PrefModel_IsMasking, PrefModel_IsWaterMark, PrefModel_HostEnable, PrefModel_RouteEnable, PrefModel_IsEmpVerify, IsConnStatus: Boolean; PrefModel_IsOsPatchCheck, PrefModel_FileMon, PrefModel_FileBlock, PrefModel_UsbEnable, PrefModel_MtpEnable, PrefModel_BlueEnable, PrefModel_PrinterEnableType, PrefModel_ExtraPortEnableType, PrefModel_ForceScreenLockMin, PreFModel_WifiCtrlKind, PrefModel_AppInstKind, PrefModel_IsClipboardEnable, PrefModel_OutAttBlk, PrefModel_WebbAttBlk, PrefModel_EtcAttBlk, PrefModel_FdRename, PrefModel_FRename, PrefModel_SharedFolder, PrefModel_NotiType, PrefModel_NotiKind, PrefModel_AfterLock, PrefModel_AfterShutdown, PrefModel_WebbMonKind, PrefModel_CapAppMonKind, PrefModel_PwChkTerm, PrefModel_IsLogoDisplay, PrefModel_ScreenLogoAlpha: Integer; PrefModel_IsShowPolicy, PrefModel_IsShowAInfo, PrefModel_WifiPublicBlock, PrefModel_DefPortEnable, PrefModel_IsEnableCheck, PrefModel_VulOsVersion, PrefModel_VulAntiVirus, PrefModel_VulPassword, PrefModel_VulScreenSaver, 
PrefModel_VulFirewall: Boolean; VulService_AccessStatus, VulService_AvInfo_Name, VulService_FwInfo_Name, VulService_WindowsAccount, VulService_OsVersion: String; VulService_IsSafeMode, VulService_IsOsPatchUptoDate, VulService_IsOsSafe, VulService_IsPasswordSet, VulService_IsPasswordSetTermOk, VulService_IsScreenSaverSet, VulService_IsAntiVirusUpToDate, VulService_IsFirewallOn: Boolean; end; TSafeState = record bIsAllowAccess, bIsScreenSaverSet, bIsOsSafe, bIsAvUptoDate, bIsFwSet, bIsAvSet, bIsPatchUptoDate, bIsSafePersonalInfo, bIsPasswordSet, bIsPasswordSetTermOk: Boolean; end; TVulnerabilityService = class(TTgObject) private ThdVulSvc_: TThdVulSvc; bIsVpnOn_, bIsVulMode_: Boolean; dwVpnOnTick_: DWORD; sOsVersion_: String; FileMon_, FileBlock_: TFileMonPolicy; bIsSafeMode_, bIsFileMasking_, bIsDefaultPortBlock_, bIsWatermark_, bIsForceDisconnect_: Boolean; SafeState_: TSafeState; sScreenTime_, sIdleTime_, sAccessStatus_, sWindowsAccount_, sEulaData_: String; AvList_, FwList_: TSecureAppList; AvInfo_, AsInfo_, FwInfo_: TSecureApp; // 팝업 여부 bIsPatchUptoDate_Pop_, bIsPasswordSet_Pop_, bIsAvUptoDate_Pop_, bIsFwSet_Pop_, bIsAvSet_Pop_, bIsScreenSaverSet_Pop_, bIsAllowAccess_Pop_, bIsOsSafe_Pop_, bIsSafePersonalInfo_Pop_, bIsPasswordSetTermOk_Pop_, bIsWhiteApp_, bUseTempConn_: Boolean; dwUnsafeActionTick_, // 보안모드 종료 동작 대기 24_0820 13:52:43 kku dwOsPatchPopupTick_: DWORD; // OS 업데이트 팝업 메시지 보여줬는지 체크 22_0506 14:00:12 kku procedure InitPopup; function CheckUnSafeState(aNewSafeState: TSafeState): Boolean; // procedure SetPrintBlock(bVal: Boolean); procedure SetDefaultPortBlock(bVal: Boolean); public Constructor Create; Destructor Destroy; override; procedure StopWork; procedure CallSafeProc; procedure CallUnsafeProc(bIsDirect: Boolean); procedure CallPopup(bInitPop: Boolean = false; bSendLog: Boolean = true); procedure TryExitSafeMode(bForceDisconn: Boolean); procedure SetDisconnect(bIsOn: Boolean; bForceDisconn: Boolean = true); procedure SetUseTempConn(bVal: Boolean); 
property OsVersion: String read sOsVersion_; property IsScreenSaverSet: Boolean read SafeState_.bIsScreenSaverSet; property IsPasswordSet: Boolean read SafeState_.bIsPasswordSet; property IsPasswordSetTermOk: Boolean read SafeState_.bIsPasswordSetTermOk; property IsSafePersonalInfo: Boolean read SafeState_.bIsSafePersonalInfo; property IsOsPatchUptoDate: Boolean read SafeState_.bIsPatchUptoDate; property IsAntiVirusUpToDate: Boolean read SafeState_.bIsAvUptoDate; property IsFirewallOn: Boolean read SafeState_.bIsFwSet; property IsAvOn: Boolean read SafeState_.bIsAvSet; property IsSafeMode: Boolean read bIsSafeMode_; property IsWhiteApp: Boolean read bIsWhiteApp_; property IsOsSafe: Boolean read SafeState_.bIsOsSafe; property IsFileMasking: Boolean read bIsFileMasking_; property IsDefaultPortBlock: Boolean read bIsDefaultPortBlock_; property IsWatermark: Boolean read bIsWatermark_; property IsForceDisconnect: Boolean read bIsForceDisconnect_; property IsAllowAccess: Boolean read SafeState_.bIsAllowAccess; property ScreenTime: String read sScreenTime_; property IdleTime: String read sIdleTime_; property AccessStatus: String read sAccessStatus_; property WindowsAccount: String read sWindowsAccount_; property EulaData: String read sEulaData_; property UnsafeActionTick: DWORD read dwUnsafeActionTick_; property AvList: TSecureAppList read AvList_; property FwList: TSecureAppList read FwList_; property AvInfo: TSecureApp read AvInfo_; property AsInfo: TSecureApp read AsInfo_; property FwInfo: TSecureApp read FwInfo_; property IsVpnOn: Boolean read bIsVpnOn_; end; resourcestring RS_CONNECTION_ALLOW = '접속 허용'; RS_CONNECTION_NOTALLOWED = '접속 미승인'; RS_CONNECTION_TEMP = '임시 허용'; RS_CONNECTION_EXP = '예외 허용'; RS_CONNECTION_EXP_TODAY = '당일'; RS_CONNECTION_NOEMPVERIFY = '사번 미검증'; RS_CONNECTION_NOTALLOWED_MAC = 'MAC 미승인'; RS_CONNECTION_NOTALLOWED_DATE = '유효기간만료'; RS_SharedName = '공유 이름'; RS_FolderName = '폴더 이름'; implementation uses Tocsg.Exception, ManagerService, Condition, 
Tocsg.Safe, Tocsg.Strings, Tocsg.Process, Tocsg.Convert, GlobalDefine, Tocsg.Registry, Tocsg.Win32, System.DateUtils, Tocsg.DateTime, Tocsg.Network, Tocsg.Shell, Winapi.ActiveX, Tocsg.WinInfo; const LOCKABLES: array [0..4] of String = ( 'C:\windows\system32\drivers\etc\hosts', 'C:\windows\system32\drivers\etc\lmhosts.sam', 'C:\windows\system32\drivers\etc\networks', 'C:\windows\system32\drivers\etc\protocol', 'C:\windows\system32\drivers\etc\services'); { TThdVulSvc } Constructor TThdVulSvc.Create(aVul: TVulnerabilityService); begin Inherited Create; IgrBlockApps_ := TStringList.Create; IgrBlockApps_.CaseSensitive := false; bFirstCheck_ := true; Vul_ := aVul; dtVulTime_ := 0; end; Destructor TThdVulSvc.Destroy; begin FreeAndNil(IgrBlockApps_); Inherited; end; procedure TThdVulSvc.Execute; var StrList: TStringList; bIsLockable: Boolean; F1, F2, F3, F4, F5: TFileStream; NewRefreshView, OldRefreshView: TCheckRefreshView; ShdFldList, ChkShdFldList: TSharedFolder; sComName: String; PrefModel: TPrefModel; function CheckRefreshView(aNew, aOld: TCheckRefreshView): Boolean; inline; begin Result := false; with aNew do begin if aOld.BS1ModeKind <> BS1ModeKind then exit; if aOld.NicService_GetIP <> NicService_GetIP then exit; if aOld.AgentModel_EmpNo <> AgentModel_EmpNo then exit; if aOld.AgentModel_Location <> AgentModel_Location then exit; // if aOld.PrefModel_SoftwareControlType <> PrefModel_SoftwareControlType then exit; if aOld.IsServiceAvailable <> IsServiceAvailable then exit; if aOld.PrefModel_WhiteApp <> PrefModel_WhiteApp then exit; if aOld.PrefModel_BlackApp <> PrefModel_BlackApp then exit; if aOld.PrefModel_IsMasking <> PrefModel_IsMasking then exit; if aOld.PrefModel_FileMon <> PrefModel_FileMon then exit; if aOld.PrefModel_FileBlock <> PrefModel_FileBlock then exit; if aOld.PrefModel_IsWaterMark <> PrefModel_IsWaterMark then exit; if aOld.PrefModel_PrinterEnableType <> PrefModel_PrinterEnableType then exit; if aOld.PrefModel_MtpEnable <> PrefModel_MtpEnable then 
exit; if aOld.PrefModel_BlueEnable <> PrefModel_BlueEnable then exit; if aOld.PrefModel_WebbMonKind <> PrefModel_WebbMonKind then exit; if aOld.PrefModel_CapAppMonKind <> PrefModel_CapAppMonKind then exit; if aOld.PrefModel_PwChkTerm <> PrefModel_PwChkTerm then exit; if aOld.PrefModel_NotiType <> PrefModel_NotiType then exit; if aOld.PrefModel_NotiKind <> PrefModel_NotiKind then exit; if aOld.PrefModel_AfterLock <> PrefModel_AfterLock then exit; if aOld.PrefModel_AfterShutdown <> PrefModel_AfterShutdown then exit; if aOld.PrefModel_DefPortEnable <> PrefModel_DefPortEnable then exit; if AoLD.PrefModel_AppInstKind <> PrefModel_AppInstKind then exit; if aOld.PrefModel_ExtraPortEnableType <> PrefModel_ExtraPortEnableType then exit; if aOld.PrefModel_IsLogoDisplay <> PrefModel_IsLogoDisplay then exit; if aOld.PrefModel_ScreenLogoAlpha <> PrefModel_ScreenLogoAlpha then exit; if aOld.PrefModel_UsbEnable <> PrefModel_UsbEnable then exit; if aOld.PrefModel_IsOsPatchCheck <> PrefModel_IsOsPatchCheck then exit; // if aOld.PrefModel_SleepBlockType <> PrefModel_SleepBlockType then exit; if aOld.PrefModel_NetworkBlockType <> PrefModel_NetworkBlockType then exit; if aOld.PrefModel_HostEnable <> PrefModel_HostEnable then exit; if aOld.PrefModel_RouteEnable <> PrefModel_RouteEnable then exit; if aOld.PrefModel_IsClipboardEnable <> PrefModel_IsClipboardEnable then exit; if aOld.PrefModel_OutAttBlk <> PrefModel_OutAttBlk then exit; if aOld.PrefModel_WebbAttBlk <> PrefModel_WebbAttBlk then exit; if aOld.PrefModel_EtcAttBlk <> PrefModel_EtcAttBlk then exit; if aOld.PrefModel_FdRename <> PrefModel_FdRename then exit; if aOld.PrefModel_FRename <> PrefModel_FRename then exit; if aOld.PrefModel_SharedFolder <> PrefModel_SharedFolder then exit; if aOld.PrefModel_IsEmpVerify <> PrefModel_IsEmpVerify then exit; if aOld.PrefModel_ForceScreenLockMin <> PrefModel_ForceScreenLockMin then exit; if aOld.PreFModel_WifiCtrlKind <> PreFModel_WifiCtrlKind then exit; if aOld.PrefModel_IsEnableCheck <> 
PrefModel_IsEnableCheck then exit; if aOld.IsConnStatus <> IsConnStatus then exit; if aOld.PrefModel_VulOsVersion <> PrefModel_VulOsVersion then exit; if aOld.PrefModel_VulAntiVirus <> PrefModel_VulAntiVirus then exit; if aOld.PrefModel_VulPassword <> PrefModel_VulPassword then exit; if aOld.PrefModel_VulScreenSaver <> PrefModel_VulScreenSaver then exit; if aOld.PrefModel_VulFirewall <> PrefModel_VulFirewall then exit; if aOld.PrefModel_IsShowPolicy <> PrefModel_IsShowPolicy then exit; if aOld.PrefModel_IsShowAInfo <> PrefModel_IsShowAInfo then exit; if aOld.PrefModel_WifiPublicBlock <> PrefModel_WifiPublicBlock then exit; if aOld.VulService_AccessStatus <> VulService_AccessStatus then exit; if aOld.VulService_AvInfo_Name <> VulService_AvInfo_Name then exit; if aOld.VulService_FwInfo_Name <> VulService_FwInfo_Name then exit; if aOld.VulService_WindowsAccount <> VulService_WindowsAccount then exit; if aOld.VulService_OsVersion <> VulService_OsVersion then exit; if aOld.VulService_IsSafeMode <> VulService_IsSafeMode then exit; if aOld.VulService_IsOsPatchUptoDate <> VulService_IsOsPatchUptoDate then exit; if aOld.VulService_IsOsSafe <> VulService_IsOsSafe then exit; if aOld.VulService_IsPasswordSet <> VulService_IsPasswordSet then exit; if aOld.VulService_IsPasswordSetTermOk <> VulService_IsPasswordSetTermOk then exit; if aOld.VulService_IsScreenSaverSet <> VulService_IsScreenSaverSet then exit; if aOld.VulService_IsAntiVirusUpToDate <> VulService_IsAntiVirusUpToDate then exit; if aOld.VulService_IsFirewallOn <> VulService_IsFirewallOn then exit; end; Result := true; end; function ExtrProcessList(sList: String): Integer; begin StrList.Clear; Result := 0; if sList = '' then exit; if sList.Contains(MODEL_SEPARATOR) then Result := SplitString(sList, MODEL_SEPARATOR, StrList) else if sList.Contains(';') then Result := SplitString(sList, ';', StrList) else // if sList.Contains(',') then Result := SplitString(sList, ',', StrList); end; procedure DoLockFile(sPath: String; 
var aFile: TFileStream); begin if aFile <> nil then exit; if not FileExists(sPath) then exit; try aFile := TFileStream.Create(sPath, fmOpenRead or fmShareDenyWrite); except on E: Exception do ETgException.TraceException(E, Format('Fail .. DoLockFile() .. Path="%s"', [sPath])); end; end; procedure ControlLockable; begin // CreateFile() // LockFile() // UnlockFile() // CloseHandle() if bIsLockable then begin DoLockFile(LOCKABLES[0], F1); DoLockFile(LOCKABLES[1], F2); DoLockFile(LOCKABLES[2], F3); DoLockFile(LOCKABLES[3], F4); DoLockFile(LOCKABLES[4], F5); end else begin if F1 <> nil then FreeAndNil(F1); if F2 <> nil then FreeAndNil(F2); if F3 <> nil then FreeAndNil(F3); if F4 <> nil then FreeAndNil(F4); if F5 <> nil then FreeAndNil(F5); end; end; procedure PolicySyncService; var bWhiteAppOk, bIsHostEnable: Boolean; i: Integer; sProcListB, sProcListW: String; ShdFldKind: TShareFolderKind; PO: TPrefModel; begin if (gMgSvc = nil) or (PrefModel = nil) then exit; PO := gMgSvc.ModePolicy; bIsHostEnable := PO.HostEnable; if IsHostDisable then bIsHostEnable := false; with Vul_ do begin ShdFldKind := PO.ShareFolder; if ShdFldKind <> sfkNone then begin var sData: String := ''; if ShdFldKind = sfkAllBlock then begin if ShdFldList = nil then ShdFldList := TSharedFolder.Create(true, sComName, true) else ShdFldList.UpdateShdFldList(true); for i := 0 to ShdFldList.Count - 1 do begin if IsIgnoreDefNetShare and (ShdFldList[i].sName.Length > 1) and (ShdFldList[i].sName[ShdFldList[i].sName.Length] = '$') then continue; // USB 드라이브 기본 공유 예외 "E$" 24_0620 16:59:01 kku // 프린터 공유는 차단 예외 24_0702 17:43:11 kku if Pos(',LOCALSPLONLY', ShdFldList[i].sPath.ToUpper) > 0 then continue; ExecutePath_hide('net', Format('share "%s" /delete', [ShdFldList[i].sName])); gMgSvc.SendEventLog(URI_USER_ACTION, PREVENT_NETSHAREFOLDER, Format('Name : %s, Path : %s', [ShdFldList[i].sName, ShdFldList[i].sPath])); SumString(sData, Format('%s : %s', [RS_SharedName, ShdFldList[i].sName]), #13#10#13#10); 
SumString(sData, Format('%s : %s', [RS_FolderName, ShdFldList[i].sPath]), #13#10); end; if (sData <> '') and (CUSTOMER_TYPE <> CUSTOMER_SERVE1) then // 서브원은 알림 안뜨게함 24_0807 13:13:55 kku begin if IsDivPopup then begin if PO.ShareFldBlockPopup then gMgSvc.PopupMessage(TYPE_MSG_PREVENT_SHAREDFOLDER, sData + '|PV'); end else gMgSvc.PopupMessage(TYPE_MSG_PREVENT_SHAREDFOLDER, sData + '|PV'); end; end else begin if ShdFldList <> nil then begin if ChkShdFldList = nil then ChkShdFldList := TSharedFolder.Create(true, sComName, true); for i := 0 to ChkShdFldList.Count - 1 do begin if IsIgnoreDefNetShare and (ChkShdFldList[i].sName.Length > 1) and (ChkShdFldList[i].sName[ChkShdFldList[i].sName.Length] = '$') then continue; // USB 드라이브 기본 공유 예외 "E$" 24_0620 16:59:01 kku // 프린터 공유는 차단 예외 24_0702 17:43:11 kku if Pos(',LOCALSPLONLY', ChkShdFldList[i].sPath.ToUpper) > 0 then continue; if not ShdFldList.ExistsSharedFolder(ChkShdFldList[i].sPath) then begin // case ShdFldKind of // sfkAddBlock, // sfkPopup: // begin SumString(sData, Format('%s : %s', [RS_SharedName, ChkShdFldList[i].sName]), #13#10#13#10); SumString(sData, Format('%s : %s', [RS_FolderName, ChkShdFldList[i].sPath]), #13#10); // end; // end; if ShdFldKind = sfkAddBlock then ExecutePath_hide('net', Format('share "%s" /delete', [ChkShdFldList[i].sName])) else begin case CUSTOMER_TYPE of CUSTOMER_DEV, CUSTOMER_DEMO : begin if RemoveEveryoneFromShare(ChkShdFldList[i].sName) then _Trace('"%s" 공유폴더의 Everyone 권한 삭제됨', [ChkShdFldList[i].sName], 1) else _Trace('"%s" 공유폴더의 Everyone 권한 삭제 실패 .. 
Error=%d', [ChkShdFldList[i].sName, GetLastError], 1); end; end; end; gMgSvc.SendEventLog(URI_USER_ACTION, MONITOR_NETSHAREFOLDER, Format('Name : %s, Path : %s', [ChkShdFldList[i].sName, ChkShdFldList[i].sPath]), false); end; end; if (sData <> '') and (CUSTOMER_TYPE <> CUSTOMER_SERVE1) then // 서브원은 알림 안뜨게함 24_0807 13:13:55 kku begin if ShdFldKind = sfkAddBlock then sData := sData + '|PV'; if IsDivPopup then begin if ((ShdFldKind = sfkAddBlock) and PO.ShareFldBlockPopup) or ((ShdFldKind <> sfkAddBlock) and PO.ShareFldAllowPopup) then gMgSvc.PopupMessage(TYPE_MSG_PREVENT_SHAREDFOLDER, sData); end else if ShdFldKind = sfkPopup then gMgSvc.PopupMessage(TYPE_MSG_PREVENT_SHAREDFOLDER, sData); end; FreeAndNil(ShdFldList); ShdFldList := ChkShdFldList; ChkShdFldList := nil; end else ShdFldList := TSharedFolder.Create(true, sComName); end; end else begin if ShdFldList <> nil then FreeAndNil(ShdFldList); if ChkShdFldList <> nil then FreeAndNil(ChkShdFldList); end; // if (gMgSvc.HeModeKind <> hmkSleep) and not IsNoPreventCaptureApp then // TerminateProcessFromList(DefBlockApps_, IgrBlockApps_); if PO.IsDefPortBlock and not bIsDefaultPortBlock_ then gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_PREVENT_PORT, 'Port Blocked'); // bIsPrintBlock_ := gMgSvc.ModePolicy.IsPrinterEnable; bIsDefaultPortBlock_ := PO.IsDefPortBlock; FileMon_ := PO.FileMon; FileBlock_ := PO.FileBlock; bIsFileMasking_ := PO.IsMasking; bIsWatermark_ := PO.IsWaterMark; // 다중 정책 적용으로 아래 조건 무시 22_0801 15:45:05 kku // if ( gMgSvc.IsServiceAvailable and // (bIsSafeMode_ or gMgSvc.IsTemporaryConn) // ) then begin bWhiteAppOk := true; // 화이트리스트는 보안모드 정책만 참조 22_0803 16:38:05 kku sProcListW := PrefModel.SoftwareListW; // 화이트리스트 앱 차단은 VPN Client로 보안모드 진입했을때만 적용 22_0620 10:54:36 kku if Vul_.bIsVpnOn_ and PrefModel.IsMustSecuApp and (sProcListW <> '') then begin // 보안모드 해제 불가인 경우에 위반 시 취약모드로 들어가도록 다시 수정 22_0822 08:00:20 kku // if not gMgSvc.IsSafeExitImpossible and if ExtrProcessList(sProcListW) > 0 then begin // 화이트 리스트 
차단 - 필수 프로그램 미실행 시 차단 var bNoExecute: Boolean := false; for i := 0 to StrList.Count - 1 do begin if GetProcessPidByName(StrList[i]) = 0 then begin bNoExecute := true; break; end; end; if bNoExecute then begin bWhiteAppOk := false; if bIsWhiteApp_ then begin gMgSvc.PopupMessage(TYPE_MSG_PREVENT_WHITEAPP, StrList[i]); gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_PREVENT_WHITELISTAPP, Format('MustApp : "%s" not launched', [StrList[i]])); _Trace('Not found MustApp .. Name="%s"', [StrList[i]], 1); if PrefModel.IsTemporaryConn and bUseTempConn_ and not gMgSvc.IsTemporaryConn then begin Vul_.TryExitSafeMode(true); end; // Vul_.SetDisconnect(true, true); end; end; end; end; if bIsWhiteApp_ <> bWhiteAppOk then bIsWhiteApp_ := bWhiteAppOk; if not bIsLockable and bIsHostEnable then begin bIsLockable := true; ControlLockable; end else if bIsLockable and not bIsHostEnable then begin bIsLockable := false; ControlLockable; end; end; end; end; function IsAntiVirusSet: Boolean; var sUpto: String; begin Result := false; if Vul_.AvInfo_ = nil then exit; sUpto := LowerCase(Trim(Vul_.AvInfo_.Status)); if sUpto = '' then exit; // Result := (sUpto = 'up-to-date') and Vul_.AvInfo_.IsState; Result := sUpto.Contains('up') and sUpto.Contains('date') and Vul_.AvInfo_.IsState; end; function GetSafeStatus(var aSafeSate: TSafeState): Boolean; var nVulWaitSec: Integer; begin with Vul_ do begin if not PrefModel.IsEnableCheck then Exit(true); // bIsPatchUptoDate_ 체크는 별도로 한다. 
"팝업만" 설정 관련 22_0609 16:51:51 kku // if PrefModel.IsOsPatchCheck then // Result := bIsPasswordSet_ and bIsAvUptoDate_ and bIsFwSet_ and // bIsScreenSaverSet_ and bIsAllowAccess_ and bIsOsSafe_ and // bIsPatchUptoDate_ // else with aSafeSate do begin Result := bIsPasswordSet and bIsAvUptoDate and bIsFwSet and //not gMgSvc.IsRestricMac and // bIsSafePersonalInfo and // 개인정보 취약점 추가 22_1114 08:14:52 kku // 취약 시 보안모드 차단이 기본이 아니라 별도 처리 22_1114 08:29:06 kku bIsScreenSaverSet and bIsAllowAccess and bIsOsSafe; // and bIsPatchUptoDate; nVulWaitSec := PrefModel.VulDueTimeSec; if not Result and (nVulWaitSec > 0) and bIsAllowAccess and bIsOsSafe then begin // 취약시간 유지 추가 23_0419 09:13:08 kku if dtVulTime_ = 0 then begin dtVulTime_ := Now; Result := true; end else Result := SecondsBetween(dtVulTime_, Now) < nVulWaitSec; if Result then begin bIsPasswordSet := true; bIsAvUptoDate := true; bIsFwSet := true; bIsScreenSaverSet := true; end; end else if dtVulTime_ <> 0 then dtVulTime_ := 0; end; end; end; procedure GetVulnerability; var bIsCheckEnable, bPrevCheck, bIsPerInfoPopupOnly, bIPwTermOkPopupOnly: Boolean; OsPatchCheck: TOsPatchCheck; app: TSecureApp; nIdle, nMaxTime: Integer; sTemp: String; NewSafeState: TSafeState; begin // 보안 정보가 부팅후에 2분 뒤에 들어오는 현상이 있다... 그래서 일단 비활성 // WSC 관련 Security API는 부팅 후 2분전에 동작하지 않는다... 
22_0513 13:04:27 kku if (gMgSvc = nil) or not gMgSvc.HandleConfig.Updated then exit; // if IsUseRegUserSync then // begin // // LX국토정보공사 VPN 사번 동기화 // sTemp := GetRegValueAsString(HKEY_LOCAL_MACHINE, REG_HE, 'VpnConnect'); // if (sTemp <> '') and (sTemp <> gMgSvc.AgentModel.EmpNo) then // begin // _Trace('[01] 사번 변경, %s > %s', [gMgSvc.AgentModel.EmpNo, sTemp]); // gMgSvc.AgentModel.EmpNo := sTemp; // gMgSvc.AgentModel.Save; // gMgSvc.UpdateAgentInfo; // end; // end; bIsCheckEnable := PrefModel.IsEnableCheck; with Vul_ do begin if sWindowsAccount_ = '' then sWindowsAccount_ := gMgSvc.HandleConfig.UserName; NewSafeState.bIsPasswordSet := not PrefModel.VulPassword or (gMgSvc.HandleConfig.IsPasswordSet or IsSkipPwd); NewSafeState.bIsPasswordSetTermOk := not PrefModel.VulPassword or (gMgSvc.HandleConfig.IsPasswordSetTermOk or IsSkipPwd); NewSafeState.bIsAllowAccess := PrefModel.IsAllowAccess and not gMgSvc.IsRestricMac; // and not gMgSvc.IsRestricDate; NewSafeState.bIsSafePersonalInfo := not gMgSvc.IsSchRstVul; sIdleTime_ := gMgSvc.HandleConfig.IdleTime; NewSafeState.bIsScreenSaverSet := not PrefModel.VulScreenSaver or gMgSvc.HandleConfig.IsScreenSaver; sOsVersion_ := gMgSvc.HandleConfig.OsVersion; // 포인터 넘기면 나중에 참조할때 AV에러 날수 있어서 생성함 22_0420 14:42:35 kku if AvInfo_ <> nil then FreeAndNil(AvInfo_); app := gMgSvc.HandleSecurity.GetMainAv; if app <> nil then AvInfo_ := TSecureApp.Create(app); if FwInfo_ <> nil then FreeAndNil(FwInfo_); app := gMgSvc.HandleSecurity.GetMainFw; if app <> nil then FwInfo_ := TSecureApp.Create(app); if AsInfo_ <> nil then FreeAndNil(AsInfo_); app := gMgSvc.HandleSecurity.GetMainAs; if app <> nil then AsInfo_ := TSecureApp.Create(app); AvList_ := gMgSvc.HandleSecurity.AvList; FwList_ := gMgSvc.HandleSecurity.FwList; OsPatchCheck := PrefModel.OsPatchCheck; NewSafeState.bIsOsSafe := not PrefModel.VulOsVersion or ( (sOsVersion_ <> '') and (sOsVersion_.StartsWith('10') or sOsVersion_.StartsWith('11') or sOsVersion_.StartsWith('12') or 
sOsVersion_.StartsWith('13')) ); NewSafeState.bIsAvUptoDate := not PrefModel.VulAntiVirus or IsAntiVirusSet; NewSafeState.bIsAvSet := not PrefModel.VulAntiVirus or ( (AvInfo_ <> nil) and AvInfo_.IsState ); NewSafeState.bIsFwSet := not PrefModel.VulFirewall or ( (FwInfo_ <> nil) and FwInfo_.IsState ); if gMgSvc.IsServiceAvailable then NewSafeState.bIsPatchUptoDate := SafeState_.bIsPatchUptoDate or gMgSvc.IsPatchUptoDate // 보안모드 상태에서도 상태 양호로 변경되도록 보완 22_0620 10:43:46 kku else NewSafeState.bIsPatchUptoDate := IsSkipOsPatch or (OsPatchCheck = opcNone) or gMgSvc.IsPatchUptoDate; bIsPerInfoPopupOnly := not PrefModel.IsScanBlock; bIPwTermOkPopupOnly := (PrefModel.PwChkTerm = pctPopup) or (PrefModel.PwChkTerm = pctLog); bPrevCheck := bIsSafeMode_ and (SafeState_.bIsPatchUptoDate or (OsPatchCheck <> opcCheck)) and (SafeState_.bIsSafePersonalInfo or bIsPerInfoPopupOnly) and (SafeState_.bIsPasswordSetTermOk or bIPwTermOkPopupOnly); bIsSafeMode_ := GetSafeStatus(NewSafeState); if not bIsCheckEnable then begin bIsSafeMode_ := NewSafeState.bIsAllowAccess; // true; // "보안모드 허용" 상태를 상위 정책으로 변경 23_0614 16:06:25 kku NewSafeState.bIsScreenSaverSet := true; NewSafeState.bIsOsSafe := true; NewSafeState.bIsAvUptoDate := true; NewSafeState.bIsFwSet := true; NewSafeState.bIsAvSet := true; NewSafeState.bIsPatchUptoDate := true; NewSafeState.bIsPasswordSet := true; NewSafeState.bIsPasswordSetTermOk := true; NewSafeState.bIsSafePersonalInfo := true; // bIsWhiteApp_ := true; // 이거 넣으면 안된다. 
필수앱은 취약점 점검과는 별도로 동작해야됨 23_0726 11:01:09 kku // bIsAllowAccess_ := true; end; if (not bPrevCheck and bIsSafeMode_ and (NewSafeState.bIsPatchUptoDate or (OsPatchCheck <> opcCheck)) and (NewSafeState.bIsSafePersonalInfo or bIsPerInfoPopupOnly)) and (NewSafeState.bIsPasswordSetTermOk or bIPwTermOkPopupOnly) then begin // 조치가 완료되어서 보안모드 진입 가능하다는 메시지 팝업 SafeState_ := NewSafeState; gMgSvc.SendEventLog(URI_USER_ACTION, STATUS_CLEAN, 'Vulnerability : Clean'); gMgSvc.PopupMessage(TYPE_MSG_SAFEAPPLIED); InitPopup; end else if CheckUnSafeState(NewSafeState) and // not bIsSafeMode_ and (not gMgSvc.IsVpnClientON or gMgSvc.IsTemporaryConn) then // gMgSvc.IsSafeExitImpossible then CallPopup; if gMgSvc.IsServiceAvailable then begin if ( not SafeState_.bIsAllowAccess and not gMgSvc.IsSafeExitImpossible ) or ( // IsUseAfterReport and // 사후 보고서 완료 체크 22_0608 08:45:42 kku PrefModel.IsUseAfterReport and MutexExists(MUTEX_AFTERREPORT) ) then begin if MutexExists(MUTEX_AFTERREPORT) then gMgSvc.PopupMessage(TYPE_MSG_AFTERREPORT); CallUnsafeProc(false); end else if IsSafeMode and IsWhiteApp then begin bIsVulMode_ := false; if not SafeState_.bIsPatchUptoDate or not SafeState_.bIsSafePersonalInfo or not SafeState_.bIsPasswordSetTermOk then begin if not gMgSvc.IsTemporaryConn and not gMgSvc.IsSafeExitImpossible and ( (not SafeState_.bIsPatchUptoDate and (OsPatchCheck = opcCheck)) or (not SafeState_.bIsSafePersonalInfo and not bIsPerInfoPopupOnly) or (not SafeState_.bIsPasswordSetTermOk and not bIPwTermOkPopupOnly) ) then begin CallUnsafeProc(true) end else if not bIsVpnOn_ then begin CallPopup(true); // OsPatchPopup CallSafeProc; end; // 보안모드 사용중 30분 마다 팝업 추가 22_0609 08:36:30 kku if not SafeState_.bIsPatchUptoDate and ((dwOsPatchPopupTick_ = 0) or (IsOsPatchPopup30Min and ((GetTickCount - dwOsPatchPopupTick_) >= 1800000))) then begin dwOsPatchPopupTick_ := GetTickCount; if OsPatchCheck <> opcLog then gMgSvc.PopupMessage(TYPE_MSG_VUL_OS); end; end else CallSafeProc; end else begin if not 
gMgSvc.IsTemporaryConn then begin if PrefModel.IsTemporaryConn and not bUseTempConn_ then begin // 임시 보안모드 정책이 있고, 이번 접속에 사용한 적이 없다면 22_0613 14:00:36 kku gMgSvc.SetTemporaryConn(true); SetUseTempConn(true); CallSafeProc; end else if gMgSvc.IsSafeExitImpossible then begin // VPN Client로 보안모드 진입이 아닐 경우 취약상태여도 무조건 보안모드로 진입 22_0621 07:45:41 kku if not bIsVulMode_ then begin bIsVulMode_ := true; TryExitSafeMode(true); // "보안모드 종료시 제어" 시도 InitPopup; // 취약점 메시지 팝업 되도록 추가 24_1014 16:47:47 kku end else CallPopup; CallSafeProc; end else CallUnsafeProc(true); end else CallSafeProc; end; end else if bIsVpnOn_ then begin CallUnsafeProc(false); end; // 아래로 옮김 22_0613 14:21:17 kku // sTemp := PrefModel.AllowConn; if not SafeState_.bIsAllowAccess then begin if gMgSvc.IsRestricMac then begin sAccessStatus_ := RS_CONNECTION_NOTALLOWED_MAC; end else // if gMgSvc.IsRestricDate then // begin // sAccessStatus_ := RS_CONNECTION_NOTALLOWED_DATE; // end else // 접속 허용과 날짜만료를 OR 조건으로 변경했기 때문에 // gMgSvc.IsRestricDate = false라면 접속 허용으로 표시 해줘야 한다. 
22_1116 08:35:30 kku sAccessStatus_ := RS_CONNECTION_NOTALLOWED; end else sAccessStatus_ := RS_CONNECTION_ALLOW; // PrefModel.AllowConn 참조 사용하지 않음 22_1116 08:58:48 kku // if sTemp.ToLower = 'true' then // begin // sAccessStatus_ := RS_CONNECTION_ALLOW; // end else // if sTemp.ToLower = 'false' then // begin // sAccessStatus_ := RS_CONNECTION_NOTALLOWED; // end else // if sTemp <> '' then // begin // if CUSTOMER_TYPE = CUSTOMER_KR then // sAccessStatus_ := RS_CONNECTION_ALLOW // KR에서는 사번값이 들어가서 무조건 "접속 허용"으로 보이도록 보완 22_0922 10:46:52 kku // else // sAccessStatus_ := Format('%s - %s', [RS_CONNECTION_TEMP, sTemp]) // end else // sAccessStatus_ := RS_CONNECTION_TEMP; with NewRefreshView do begin BS1ModeKind := Integer(gMgSvc.HeModeKind); NicService_GetIP := gMgSvc.NicService.GetIP; AgentModel_EmpNo := gMgSvc.AgentModel.EmpNo; AgentModel_Location := gMgSvc.AgentModel.Location; // PrefModel_SoftwareControlType := gMgSvc.ModePolicy.SoftwareControlType; IsServiceAvailable := gMgSvc.IsServiceAvailable; PrefModel_WhiteApp := PrefModel.IsMustSecuApp; PrefModel_BlackApp := gMgSvc.ModePolicy.IsBlockApp; PrefModel_IsMasking := gMgSvc.ModePolicy.IsMasking; PrefModel_FileMon := Integer(gMgSvc.ModePolicy.FileMon.Kind); PrefModel_FileBlock := Integer(gMgSvc.ModePolicy.FileBlock.Kind); PrefModel_IsWaterMark := gMgSvc.ModePolicy.IsWaterMark; PrefModel_PrinterEnableType := Integer(gMgSvc.ModePolicy.Print.PrintKind); PrefModel_MtpEnable := Integer(gMgSvc.ModePolicy.MtpBlockKind); PrefModel_BlueEnable := Integer(gMgSvc.ModePolicy.BlueBlockKind); PrefModel_WebbMonKind := Integer(gMgSvc.ModePolicy.WebbMonKind); PrefModel_CapAppMonKind := Integer(gMgSvc.ModePolicy.CapAppMonKind); PrefModel_PwChkTerm := Integer(PrefModel.PwChkTerm); PrefModel_NotiType := Integer(gMgSvc.ModePolicy.NotifyType); PrefModel_NotiKind := Integer(gMgSvc.ModePolicy.NotifyKind); PrefModel_AfterLock := Integer(gMgSvc.PrefModel.ScreenLockKind); PrefModel_AfterShutdown := gMgSvc.PrefModel.ForceShutdownMin; 
PrefModel_DefPortEnable := gMgSvc.ModePolicy.IsDefPortBlock; PrefModel_AppInstKind := Integer(gMgSvc.ModePolicy.AppInstKind); PrefModel_ExtraPortEnableType := gMgSvc.ModePolicy.ExtraPortEnableType; PrefModel_IsLogoDisplay := Integer(gMgSvc.ModePolicy.ScreenLogo); PrefModel_ScreenLogoAlpha := gMgSvc.ModePolicy.ScreenLogoAlpha; PrefModel_UsbEnable := Integer(gMgSvc.ModePolicy.UsbBlockKind); PrefModel_IsOsPatchCheck := Integer(PrefModel.OsPatchCheck); // PrefModel_SleepBlockType := gMgSvc.ModePolicy.SleepBlockType; PrefModel_NetworkBlockType := gMgSvc.ModePolicy.NetworkBlockType; PrefModel_HostEnable := gMgSvc.ModePolicy.HostEnable; PrefModel_RouteEnable := gMgSvc.ModePolicy.RouteEnable; PrefModel_IsClipboardEnable := Integer(gMgSvc.ModePolicy.ClipBlockKind); PrefModel_OutAttBlk := Integer(gMgSvc.ModePolicy.OutlookAB.Kind); PrefModel_WebbAttBlk := Integer(gMgSvc.ModePolicy.WebbAB.Kind); PrefModel_EtcAttBlk := Integer(gMgSvc.ModePolicy.EtcAB.Kind); PrefModel_FdRename := Integer(gMgSvc.ModePolicy.BlockFdRename); PrefModel_FRename := Integer(gMgSvc.ModePolicy.BlockFRename); PrefModel_SharedFolder := Integer(gMgSvc.ModePolicy.ShareFolder); PrefModel_IsEmpVerify := PrefModel.IsEmpVerify; PrefModel_ForceScreenLockMin := gMgSvc.PrefModel.ForceScreenLockMin; PreFModel_WifiCtrlKind := Integer(gMgSvc.ModePolicy.WifiCtrlKind); PrefModel_WifiPublicBlock := gMgSvc.ModePolicy.IsWifiPublicBlock; PrefModel_IsShowPolicy := PrefModel.IsShowPolicy; PrefModel_IsShowAInfo := PrefModel.IsShowAInfo; PrefModel_IsEnableCheck := PrefModel.IsEnableCheck; PrefModel_VulOsVersion := PrefModel.VulOsVersion; PrefModel_VulAntiVirus := PrefModel.VulAntiVirus; PrefModel_VulPassword := PrefModel.VulPassword; PrefModel_VulScreenSaver := PrefModel.VulScreenSaver; PrefModel_VulFirewall := PrefModel.VulFirewall; IsConnStatus := gMgSvc.Connected; VulService_AccessStatus := Vul_.sAccessStatus_; if Vul_.AvInfo_ <> nil then VulService_AvInfo_Name := Vul_.AvInfo_.Name else VulService_AvInfo_Name := ''; if 
Vul_.FwInfo_ <> nil then VulService_FwInfo_Name := Vul_.FwInfo_.Name else VulService_FwInfo_Name := ''; VulService_WindowsAccount := Vul_.WindowsAccount; VulService_OsVersion := Vul_.OsVersion; VulService_IsSafeMode := Vul_.IsSafeMode and Vul_.bIsWhiteApp_; VulService_IsOsPatchUptoDate := Vul_.IsOsPatchUptoDate; VulService_IsOsSafe := Vul_.IsOsSafe; VulService_IsPasswordSet := Vul_.IsPasswordSet; VulService_IsPasswordSetTermOk := Vul_.IsPasswordSetTermOk; VulService_IsScreenSaverSet := Vul_.IsScreenSaverSet; VulService_IsAntiVirusUpToDate := Vul_.IsAntiVirusUpToDate; VulService_IsFirewallOn := Vul_.IsFirewallOn; end; if not CheckRefreshView(NewRefreshView, OldRefreshView) then begin OldRefreshView := NewRefreshView; gMgSvc.RefreshView; end; end; end; begin ZeroMemory(@NewRefreshView, SizeOf(NewRefreshView)); ZeroMemory(@OldRefreshView, SizeOf(OldRefreshView)); Guard(StrList, TStringList.Create); bIsLockable := false; F1 := nil; F2 := nil; F3 := nil; F4 := nil; F5 := nil; PrefModel := nil; sComName := GetComName; CoInitialize(nil); try ShdFldList := nil; ChkShdFldList := nil; while not Terminated and not GetWorkStop do begin try PrefModel := gMgSvc.PrefModel; GetVulnerability; // PolicySyncService에서 하는 작업을 여기서 처리해준다. 22_0422 08:47:07 kku PolicySyncService; Sleep(1000); except on E: Exception do ETgException.TraceException(Self, E, 'Fail .. 
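Execute()');
      end;
    end;
  finally
    // Release whatever the work loop allocated; nil checks because each is
    // created lazily by the loop body above (outside this view).
    if F1 <> nil then FreeAndNil(F1);
    if F2 <> nil then FreeAndNil(F2);
    if F3 <> nil then FreeAndNil(F3);
    if F4 <> nil then FreeAndNil(F4);
    if F5 <> nil then FreeAndNil(F5);
    if ShdFldList <> nil then FreeAndNil(ShdFldList);
    if ChkShdFldList <> nil then FreeAndNil(ChkShdFldList);
    CoUninitialize;   // pairs with the CoInitialize(nil) at loop start
  end;
end;

{ TVulnerabilityService }

// Creates the service in an "all safe" initial state and starts the
// background check thread (TThdVulSvc) as the last step, so every field it
// reads is already initialised.
Constructor TVulnerabilityService.Create;
begin
  Inherited Create;
  sOsVersion_ := '10.0';
  bIsSafeMode_ := true;

  // Assume every check is satisfied until the thread reports otherwise;
  // CheckUnSafeState() only fires on a safe -> unsafe transition.
  SafeState_.bIsScreenSaverSet := true;
  SafeState_.bIsPasswordSet := true;
  SafeState_.bIsPasswordSetTermOk := true;
  SafeState_.bIsSafePersonalInfo := true;
  SafeState_.bIsOsSafe := true;
  SafeState_.bIsAvUptoDate := true;
  SafeState_.bIsFwSet := true;
  SafeState_.bIsAvSet := true;
  SafeState_.bIsPatchUptoDate := true;
  SafeState_.bIsAllowAccess := true;

  bIsWhiteApp_ := true;
  sScreenTime_ := '';
  sIdleTime_ := '';
  bIsVpnOn_ := false;
  bIsVulMode_ := false;
  dwVpnOnTick_ := 0;
  bIsDefaultPortBlock_ := false;
  ZeroMemory(@FileMon_, SizeOf(FileMon_));
  ZeroMemory(@FileBlock_, SizeOf(FileBlock_));
  bIsFileMasking_ := false;
  bIsWatermark_ := false;
  bIsForceDisconnect_ := false;
  sEulaData_ := '';
  sAccessStatus_ := RS_CONNECTION_ALLOW;
  AvList_ := nil;
  FwList_ := nil;
  AvInfo_ := nil;
  AsInfo_ := nil;
  FwInfo_ := nil;

  // Popup "already shown" flags. Delphi zero-initialises object fields, but
  // the list is kept explicit so it stays in step with InitPopup().
  bIsPatchUptoDate_Pop_ := false;
  bIsPasswordSet_Pop_ := false;
  bIsPasswordSetTermOk_Pop_ := false;
  bIsSafePersonalInfo_Pop_ := false;
  bIsAvUptoDate_Pop_ := false;
  bIsAvSet_Pop_ := false;
  bIsFwSet_Pop_ := false;
  bIsScreenSaverSet_Pop_ := false;
  bIsAllowAccess_Pop_ := false;
  bIsOsSafe_Pop_ := false;
  bUseTempConn_ := false;
  dwOsPatchPopupTick_ := 0;
  dwUnsafeActionTick_ := 0;

  ThdVulSvc_ := TThdVulSvc.Create(Self);
  ThdVulSvc_.StartThread;
end;

// Frees the check thread first so it cannot touch AvInfo_/AsInfo_/FwInfo_
// while they are being released. AvList_/FwList_ are not freed here;
// presumably owned elsewhere — verify against the thread code.
Destructor TVulnerabilityService.Destroy;
begin
  FreeAndNil(ThdVulSvc_);
  if AvInfo_ <> nil then FreeAndNil(AvInfo_);
  if AsInfo_ <> nil then FreeAndNil(AsInfo_);
  if FwInfo_ <> nil then FreeAndNil(FwInfo_);
  Inherited;
end;

// Asks the check thread to stop; the thread object itself is freed in Destroy.
procedure TVulnerabilityService.StopWork;
begin
  ThdVulSvc_.StopThread;
end;

// Enters secure mode: connects the VPN (once) and records the connect tick
// used by CallUnsafeProc() for the after-report threshold.
// NOTE(review): an unsafe OS (SafeState_.bIsOsSafe = false) is only reported
// by popup and event log here; it does not prevent the connection.
procedure TVulnerabilityService.CallSafeProc;
begin
  if not bIsVpnOn_ then
  begin
    if not SafeState_.bIsOsSafe then
    begin
      gMgSvc.PopupMessage(TYPE_MSG_OLD_WINDOWS);
      gMgSvc.SendEventLog(URI_USER_ACTION, REQUEST_QNA, 'OS is not safe');
    end;
    // gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_EVENT_VPNCONNECT, 'Security Mode');
    gMgSvc.ProcessVpnConnect;
    dwVpnOnTick_ := GetTickCount;
    bIsVpnOn_ := true;
    bIsVulMode_ := false;
  end;
end;

// Leaves secure mode because a vulnerability was detected.
//   bIsDirect: true -> also cut the router/VPN NIC immediately and show the
//              "network closed" system message; passed on to SetDisconnect().
// Always raises the vulnerability popups; when the service is available but a
// forced exit is impossible, only the popups are shown and nothing is
// disconnected.
procedure TVulnerabilityService.CallUnsafeProc(bIsDirect: Boolean);
begin
  // If secure mode is available and it is not secure mode via the VPN client,
  // a forced disconnect is impossible, so skip it. 22_0613 13:20:23 kku
  if gMgSvc.IsServiceAvailable and gMgSvc.IsSafeExitImpossible then
  begin
    CallPopup;
    exit;
  end
  else
    CallPopup(true);   // bInitPop = true: InitPopup() also clears bUseTempConn_

  if bIsDirect then
  begin
    gMgSvc.SetRouterOn(false);
    gMgSvc.SetVpnNicOn(false);
    gMgSvc.PopupSystemMsg(TYPE_MSG_SYSTEM_NETWORKCLOSE);
  end;

  SetDisconnect(true, bIsDirect);

  if bIsVpnOn_ then
  begin
    // No after-report is collected before 10 seconds of VPN use. 22_0616 13:30:31 kku
    // (tick difference in ms; GetTickCount wraps after ~49.7 days)
    if ((GetTickCount - dwVpnOnTick_) > 10000) and
       // IsUseAfterReport and
       gMgSvc.PrefModel.IsUseAfterReport then
      gMgSvc.PopupAfterReport;
    bIsVpnOn_ := false;
    bIsVulMode_ := false;
    dwVpnOnTick_ := 0;
    gMgSvc.PopupSystemMsg(TYPE_MSG_SYSTEM_VPNCLOSED);
    gMgSvc.ProcessVpnDisconnect;
    // gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_EVENT_VPNDISCONN, 'Sleep mode');
  end;
end;

// Shows one popup (and sends one event log) per currently-failing check.
// Each check has a *_Pop_ flag so the user is nagged once per unsafe episode;
// the OS-patch check is the exception and may repeat every 30 minutes.
//   bInitPop: reset all *_Pop_ flags first (see InitPopup).
//   bSendLog: false suppresses the event log but not the popups.
procedure TVulnerabilityService.CallPopup(bInitPop: Boolean = false; bSendLog: Boolean = true);

  // Sends the log through the new or legacy API depending on gMgSvc.IsNewApi.
  procedure SendEventLog(sCode, sSummary: String);
  begin
    if not bSendLog then exit;
    if gMgSvc.IsNewApi then
    begin
      var LogInfo: TLogInfo;
      ZeroMemory(@LogInfo, SizeOf(LogInfo));
      LogInfo.sCode := sCode;
      LogInfo.sSummary := sSummary;
      gMgSvc.SendEventLogEx(@LogInfo, false);
    end
    else
      gMgSvc.SendEventLog(URI_USER_ACTION, sCode, sSummary);
  end;

begin
  if bInitPop then InitPopup;

  with SafeState_ do
  begin
    // OS patch: first time, or every 30 minutes when IsOsPatchPopup30Min is set.
    // Popup added every 30 minutes. 22_0609 08:36:30 kku
    if not bIsPatchUptoDate and
       ((dwOsPatchPopupTick_ = 0) or
        (IsOsPatchPopup30Min and ((GetTickCount - dwOsPatchPopupTick_) >= 1800000))) then
    begin
      dwOsPatchPopupTick_ := GetTickCount;
      // opcLog = log only, no popup
      if gMgSvc.PrefModel.OsPatchCheck <> opcLog then
        gMgSvc.PopupMessage(TYPE_MSG_VUL_OS);
      SendEventLog(STATUS_OS, 'Vulnerability : OS Patch');
      // bIsPatchUptoDate_Pop_ := true;
    end;

    if not bIsPasswordSet and not bIsPasswordSet_Pop_ then
    begin
      bIsPasswordSet_Pop_ := true;
      gMgSvc.PopupMessage(TYPE_MSG_VUL_PW);
      SendEventLog(STATUS_PASSWORD, 'Vulnerability : Password Empty');
    end;

    if not bIsPasswordSetTermOk and not bIsPasswordSetTermOk_Pop_ then
    begin
      bIsPasswordSetTermOk_Pop_ := true;
      // pctLog = log only, no popup
      if gMgSvc.PrefModel.PwChkTerm <> pctLog then
        gMgSvc.PopupMessage(TYPE_MSG_VUL_PW_LAST_CHANGE);
      SendEventLog(SYSEVT_AGENT_PWDEXPIRED, 'Vulnerability : Password Expire');
    end;

    if not bIsSafePersonalInfo and not bIsSafePersonalInfo_Pop_ then
    begin
      bIsSafePersonalInfo_Pop_ := true;
      // sbkLog = log only, no popup
      if gMgSvc.PrefModel.ScanBlockKind <> sbkLog then
        gMgSvc.PopupMessage(TYPE_MSG_VUL_SCAN);
      SendEventLog(STATUS_SCANINFO, 'Vulnerability : PersonalInfo');
    end;

    if not bIsAvUptoDate and not bIsAvUptoDate_Pop_ then
    begin
      bIsAvUptoDate_Pop_ := true;
      gMgSvc.PopupMessage(TYPE_MSG_VUL_AV);
      SendEventLog(STATUS_AV, 'Vulnerability : AV Update');
    end;

    if not bIsAvSet and not bIsAvSet_Pop_ then
    begin
      bIsAvSet_Pop_ := true;
      gMgSvc.PopupMessage(TYPE_MSG_VUL_AV);
      SendEventLog(STATUS_AV, 'Vulnerability : AV');
    end;

    if not bIsFwSet and not bIsFwSet_Pop_ then
    begin
      bIsFwSet_Pop_ := true;
      gMgSvc.PopupMessage(TYPE_MSG_VUL_FW);
      SendEventLog(STATUS_FW, 'Vulnerability : FW');
    end;

    if not bIsScreenSaverSet and not bIsScreenSaverSet_Pop_ then
    begin
      bIsScreenSaverSet_Pop_ := true;
      gMgSvc.PopupMessage(TYPE_MSG_VUL_SCREEN);
      SendEventLog(STATUS_SCRNSAVER, 'Vulnerability : ScreenSaver');
    end;

    if not bIsAllowAccess and not bIsAllowAccess_Pop_ then
    begin
      bIsAllowAccess_Pop_ := true;
      gMgSvc.PopupMessage(TYPE_MSG_VUL_ALLOWACCESS);
      SendEventLog(STATUS_ACCESS_BLOCK, 'Vulnerability : Access Denied');
    end;

    if not bIsOsSafe and not bIsOsSafe_Pop_ then
    begin
      bIsOsSafe_Pop_ := true;
      gMgSvc.PopupMessage(TYPE_MSG_OLD_WINDOWS);
      // todo : send the OS-version vulnerability state
      // gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_EVENT_QNA, 'OS is not safe');
    end;
  end;
end;

// Performs the configured "secure mode end" actions.
//   bForceDisconn: false -> nothing is done (the todo below questions the
//                  argument's usefulness).
// When the policy's UnsafeActions contains 'app', terminates the VPN client
// process(es) listed in gMgSvc.VpnClient (';'-separated) and the remote-
// control apps selected by PO.VpnRcAppList. Exceptions are traced, not raised.
// NOTE(review): VpnRcAppList is matched with substring Contains() on the
// two-letter tokens 'zo'/'we'/'wh'/'cu', not token-by-token, and processes are
// selected by image name only — confirm that is the intended policy grammar.
procedure TVulnerabilityService.TryExitSafeMode(bForceDisconn: Boolean);
var
  VpnList: TStringList;
  i: Integer;
  sList: String;
  PO: TPrefModel;
begin
  try
    // todo : handle the case where the bForceDisconn argument is not needed 24_0705 09:40:19 kku
    if bForceDisconn then
    begin
      PO := gMgSvc.PrefModel;

      // Hmm.... waiting before the secure-mode end actions looks hard to
      // implement; pending deletion. 24_0820 14:10:49 kku
      // if dwUnsafeActionTick_ <> 0 then
      // begin
      //   if ((GetTickCount - dwUnsafeActionTick_) < (PO.UnsafeActionsMin * 1000)) then
      //     exit;
      // end else
      // if PO.IsSecuEndActions and PO.IsUnsafeActions and (PO.UnsafeActionsMin > 0) then
      // begin
      //   dwUnsafeActionTick_ := GetTickCount;
      //   exit;
      // end;
      //
      // dwUnsafeActionTick_ := 0;

      bIsForceDisconnect_ := true;

      if PO.IsSecuEndActions and PO.UnsafeActions.Contains('app') then
      begin
        // Guard() presumably ties VpnList's lifetime to this object — verify in Tocsg.Obj
        Guard(VpnList, TStringList.Create);
        if SplitString(gMgSvc.VpnClient, ';', VpnList) > 0 then
          for i := 0 to VpnList.Count - 1 do
            TerminateProcessByName(VpnList[i]);
        gMgSvc.IsVpnClientON := false;

        sList := PO.VpnRcAppList;
        if sList <> '' then
        begin
          if sList.Contains('zo') then TerminateProcessByName('cpthost.exe');
          if sList.Contains('we') then TerminateProcessByName('ebexmta.exe');
          if sList.Contains('wh') then TerminateProcessByName('whale.exe');
          if sList.Contains('cu') then TerminateProcessByName('CMConf.exe');
        end;
      end;
    end;
  except
    on E: Exception do
      ETgException.TraceException(Self, E, 'Fail .. TryExitSafeMode()');
  end;
end;

// bIsOn = true : run the secure-mode end actions and drop the VPN.
// bIsOn = false: only clear the forced-disconnect flag.
//   bForceDisconn is forwarded to TryExitSafeMode().
procedure TVulnerabilityService.SetDisconnect(bIsOn: Boolean; bForceDisconn: Boolean = true);
begin
  if bIsOn then
  begin
    TryExitSafeMode(bForceDisconn);
    // There was no place that reset this... added here for now. 22_0425 08:37:11 kku
    gMgSvc.ProcessVpnDisconnect;
  end
  else
    bIsForceDisconnect_ := false;
end;

// Records whether a temporary connection is in use. Note InitPopup() clears it.
procedure TVulnerabilityService.SetUseTempConn(bVal: Boolean);
begin
  bUseTempConn_ := bVal;
end;

// Resets every "popup already shown" flag so CallPopup() reports each failing
// check again, and clears the temporary-connection flag.
// Fix: bIsAvSet_Pop_ was missing from this list, so the "AV not set" popup and
// log could stay suppressed after a reset.
procedure TVulnerabilityService.InitPopup;
begin
  dwOsPatchPopupTick_ := 0;
  bIsPatchUptoDate_Pop_ := false;
  bIsPasswordSet_Pop_ := false;
  bIsPasswordSetTermOk_Pop_ := false;
  bIsSafePersonalInfo_Pop_ := false;
  bIsAvUptoDate_Pop_ := false;
  bIsAvSet_Pop_ := false;
  bIsFwSet_Pop_ := false;
  bIsScreenSaverSet_Pop_ := false;
  bIsAllowAccess_Pop_ := false;
  bIsOsSafe_Pop_ := false;
  bUseTempConn_ := false;
end;

// Compares the stored SafeState_ with aNewSafeState and returns true when at
// least one check went from safe to unsafe. For every such transition the
// matching *_Pop_ flag (or the OS-patch tick) is cleared so CallPopup() will
// report it again. SafeState_ is always replaced by aNewSafeState on exit.
// Fix: the previous version exited on the first transition found, so when two
// checks failed in the same scan only the first one had its popup flag reset.
function TVulnerabilityService.CheckUnSafeState(aNewSafeState: TSafeState): Boolean;
begin
  Result := false;
  try
    with SafeState_ do
    begin
      if bIsAllowAccess and not aNewSafeState.bIsAllowAccess then
      begin
        bIsAllowAccess_Pop_ := false;
        Result := true;
      end;
      if bIsScreenSaverSet and not aNewSafeState.bIsScreenSaverSet then
      begin
        bIsScreenSaverSet_Pop_ := false;
        Result := true;
      end;
      if bIsOsSafe and not aNewSafeState.bIsOsSafe then
      begin
        bIsOsSafe_Pop_ := false;
        Result := true;
      end;
      if bIsAvUptoDate and not aNewSafeState.bIsAvUptoDate then
      begin
        bIsAvUptoDate_Pop_ := false;
        Result := true;
      end;
      if bIsFwSet and not aNewSafeState.bIsFwSet then
      begin
        bIsFwSet_Pop_ := false;
        Result := true;
      end;
      if bIsAvSet and not aNewSafeState.bIsAvSet then
      begin
        bIsAvSet_Pop_ := false;
        Result := true;
      end;
      if bIsPatchUptoDate and not aNewSafeState.bIsPatchUptoDate then
      begin
        // The OS-patch popup is timer driven; a zero tick means "show now".
        dwOsPatchPopupTick_ := 0;
        // bIsPatchUptoDate_Pop_ := false;
        Result := true;
      end;
      if bIsPasswordSet and not aNewSafeState.bIsPasswordSet then
      begin
        bIsPasswordSet_Pop_ := false;
        Result := true;
      end;
      if bIsPasswordSetTermOk and not aNewSafeState.bIsPasswordSetTermOk then
      begin
        bIsPasswordSetTermOk_Pop_ := false;
        Result := true;
      end;
      if bIsSafePersonalInfo and not aNewSafeState.bIsSafePersonalInfo then
      begin
        bIsSafePersonalInfo_Pop_ := false;
        Result := true;
      end;
    end;
  finally
    SafeState_ := aNewSafeState;
  end;
end;

//procedure TVulnerabilityService.SetPrintBlock(bVal: Boolean);
//begin
//  if not bIsPrintBlock_ and bVal then
//    gMgSvc.SendEventLog(URI_USERUPDATE, LOGCODE_PREVENT_PRINTER, 'Prevent Printer mode enabled');
//  bIsPrintBlock_ := bVal;
//end;

// Stores the default-port-block state and sends an event log only on the
// off -> on transition, so repeated policy refreshes do not spam the log.
procedure TVulnerabilityService.SetDefaultPortBlock(bVal: Boolean);
begin
  if not bIsDefaultPortBlock_ and bVal then
    gMgSvc.SendEventLog(URI_USERUPDATE, LOGCODE_PREVENT_PORT, 'Prevent Default Port mode enabled');
  bIsDefaultPortBlock_ := bVal;
end;

end.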