1432 lines
51 KiB
Plaintext
1432 lines
51 KiB
Plaintext
{*******************************************************}
|
|
{ }
|
|
{ VulnerabilityService }
|
|
{ }
|
|
{ Copyright (C) 2022 kku }
|
|
{ }
|
|
{*******************************************************}
|
|
|
|
unit VulnerabilityService;
|
|
|
|
interface
|
|
|
|
uses
|
|
Tocsg.Obj, System.SysUtils, System.Classes, Tocsg.Thread, SecureApp,
|
|
Winapi.Windows, ManagerModel;
|
|
|
|
type
|
|
TVulnerabilityService = class;
|
|
TThdVulSvc = class(TTgThread)
|
|
private
|
|
bFirstCheck_: Boolean;
|
|
Vul_: TVulnerabilityService;
|
|
IgrBlockApps_: TStringList;
|
|
dtVulTime_: TDateTime; // 최초 취약을 인지한 시간 23_0419 09:02:36 kku
|
|
protected
|
|
procedure Execute; override;
|
|
public
|
|
Constructor Create(aVul: TVulnerabilityService);
|
|
Destructor Destroy; override;
|
|
end;
|
|
|
|
// UI 업데이트 수를 줄이기 위해 변경된 부분 체크 추가 22_0504 17:00:59 kku
|
|
PCheckRefreshView = ^TCheckRefreshView;
|
|
TCheckRefreshView = packed record
|
|
BS1ModeKind: Integer;
|
|
NicService_GetIP,
|
|
AgentModel_EmpNo,
|
|
AgentModel_Location,
|
|
// PrefModel_SleepBlockType,
|
|
PrefModel_NetworkBlockType: String;
|
|
IsServiceAvailable,
|
|
PrefModel_WhiteApp,
|
|
PrefModel_BlackApp,
|
|
PrefModel_IsMasking,
|
|
PrefModel_IsWaterMark,
|
|
PrefModel_HostEnable,
|
|
PrefModel_RouteEnable,
|
|
PrefModel_IsEmpVerify,
|
|
IsConnStatus: Boolean;
|
|
PrefModel_IsOsPatchCheck,
|
|
PrefModel_FileMon,
|
|
PrefModel_FileBlock,
|
|
PrefModel_UsbEnable,
|
|
PrefModel_MtpEnable,
|
|
PrefModel_BlueEnable,
|
|
PrefModel_PrinterEnableType,
|
|
PrefModel_ExtraPortEnableType,
|
|
PrefModel_ForceScreenLockMin,
|
|
PreFModel_WifiCtrlKind,
|
|
PrefModel_AppInstKind,
|
|
PrefModel_IsClipboardEnable,
|
|
PrefModel_OutAttBlk,
|
|
PrefModel_WebbAttBlk,
|
|
PrefModel_EtcAttBlk,
|
|
PrefModel_FdRename,
|
|
PrefModel_FRename,
|
|
PrefModel_SharedFolder,
|
|
PrefModel_NotiType,
|
|
PrefModel_NotiKind,
|
|
PrefModel_AfterLock,
|
|
PrefModel_AfterShutdown,
|
|
PrefModel_WebbMonKind,
|
|
PrefModel_CapAppMonKind,
|
|
PrefModel_PwChkTerm,
|
|
PrefModel_IsLogoDisplay,
|
|
PrefModel_ScreenLogoAlpha: Integer;
|
|
|
|
PrefModel_IsShowPolicy,
|
|
PrefModel_IsShowAInfo,
|
|
PrefModel_WifiPublicBlock,
|
|
PrefModel_DefPortEnable,
|
|
PrefModel_IsEnableCheck,
|
|
PrefModel_VulOsVersion,
|
|
PrefModel_VulAntiVirus,
|
|
PrefModel_VulPassword,
|
|
PrefModel_VulScreenSaver,
|
|
PrefModel_VulFirewall: Boolean;
|
|
|
|
VulService_AccessStatus,
|
|
VulService_AvInfo_Name,
|
|
VulService_FwInfo_Name,
|
|
VulService_WindowsAccount,
|
|
VulService_OsVersion: String;
|
|
VulService_IsSafeMode,
|
|
VulService_IsOsPatchUptoDate,
|
|
VulService_IsOsSafe,
|
|
VulService_IsPasswordSet,
|
|
VulService_IsPasswordSetTermOk,
|
|
VulService_IsScreenSaverSet,
|
|
VulService_IsAntiVirusUpToDate,
|
|
VulService_IsFirewallOn: Boolean;
|
|
end;
|
|
|
|
TSafeState = record
|
|
bIsAllowAccess,
|
|
bIsScreenSaverSet,
|
|
bIsOsSafe,
|
|
bIsAvUptoDate,
|
|
bIsFwSet,
|
|
bIsAvSet,
|
|
bIsPatchUptoDate,
|
|
bIsSafePersonalInfo,
|
|
bIsPasswordSet,
|
|
bIsPasswordSetTermOk: Boolean;
|
|
end;
|
|
|
|
TVulnerabilityService = class(TTgObject)
|
|
private
|
|
ThdVulSvc_: TThdVulSvc;
|
|
|
|
bIsVpnOn_,
|
|
bIsVulMode_: Boolean;
|
|
dwVpnOnTick_: DWORD;
|
|
|
|
sOsVersion_: String;
|
|
FileMon_,
|
|
FileBlock_: TFileMonPolicy;
|
|
bIsSafeMode_,
|
|
bIsFileMasking_,
|
|
bIsDefaultPortBlock_,
|
|
bIsWatermark_,
|
|
bIsForceDisconnect_: Boolean;
|
|
SafeState_: TSafeState;
|
|
sScreenTime_,
|
|
sIdleTime_,
|
|
sAccessStatus_,
|
|
sWindowsAccount_,
|
|
sEulaData_: String;
|
|
AvList_,
|
|
FwList_: TSecureAppList;
|
|
AvInfo_,
|
|
AsInfo_,
|
|
FwInfo_: TSecureApp;
|
|
|
|
// 팝업 여부
|
|
bIsPatchUptoDate_Pop_,
|
|
bIsPasswordSet_Pop_,
|
|
bIsAvUptoDate_Pop_,
|
|
bIsFwSet_Pop_,
|
|
bIsAvSet_Pop_,
|
|
bIsScreenSaverSet_Pop_,
|
|
bIsAllowAccess_Pop_,
|
|
bIsOsSafe_Pop_,
|
|
bIsSafePersonalInfo_Pop_,
|
|
bIsPasswordSetTermOk_Pop_,
|
|
|
|
bIsWhiteApp_,
|
|
bUseTempConn_: Boolean;
|
|
|
|
dwUnsafeActionTick_, // 보안모드 종료 동작 대기 24_0820 13:52:43 kku
|
|
dwOsPatchPopupTick_: DWORD; // OS 업데이트 팝업 메시지 보여줬는지 체크 22_0506 14:00:12 kku
|
|
|
|
procedure InitPopup;
|
|
function CheckUnSafeState(aNewSafeState: TSafeState): Boolean;
|
|
// procedure SetPrintBlock(bVal: Boolean);
|
|
procedure SetDefaultPortBlock(bVal: Boolean);
|
|
public
|
|
Constructor Create;
|
|
Destructor Destroy; override;
|
|
procedure StopWork;
|
|
|
|
procedure CallSafeProc;
|
|
procedure CallUnsafeProc(bIsDirect: Boolean);
|
|
procedure CallPopup(bInitPop: Boolean = false; bSendLog: Boolean = true);
|
|
|
|
procedure TryExitSafeMode(bForceDisconn: Boolean);
|
|
procedure SetDisconnect(bIsOn: Boolean; bForceDisconn: Boolean = true);
|
|
procedure SetUseTempConn(bVal: Boolean);
|
|
|
|
property OsVersion: String read sOsVersion_;
|
|
property IsScreenSaverSet: Boolean read SafeState_.bIsScreenSaverSet;
|
|
property IsPasswordSet: Boolean read SafeState_.bIsPasswordSet;
|
|
property IsPasswordSetTermOk: Boolean read SafeState_.bIsPasswordSetTermOk;
|
|
property IsSafePersonalInfo: Boolean read SafeState_.bIsSafePersonalInfo;
|
|
property IsOsPatchUptoDate: Boolean read SafeState_.bIsPatchUptoDate;
|
|
property IsAntiVirusUpToDate: Boolean read SafeState_.bIsAvUptoDate;
|
|
property IsFirewallOn: Boolean read SafeState_.bIsFwSet;
|
|
property IsAvOn: Boolean read SafeState_.bIsAvSet;
|
|
property IsSafeMode: Boolean read bIsSafeMode_;
|
|
property IsWhiteApp: Boolean read bIsWhiteApp_;
|
|
property IsOsSafe: Boolean read SafeState_.bIsOsSafe;
|
|
property IsFileMasking: Boolean read bIsFileMasking_;
|
|
property IsDefaultPortBlock: Boolean read bIsDefaultPortBlock_;
|
|
property IsWatermark: Boolean read bIsWatermark_;
|
|
property IsForceDisconnect: Boolean read bIsForceDisconnect_;
|
|
property IsAllowAccess: Boolean read SafeState_.bIsAllowAccess;
|
|
property ScreenTime: String read sScreenTime_;
|
|
property IdleTime: String read sIdleTime_;
|
|
property AccessStatus: String read sAccessStatus_;
|
|
property WindowsAccount: String read sWindowsAccount_;
|
|
property EulaData: String read sEulaData_;
|
|
property UnsafeActionTick: DWORD read dwUnsafeActionTick_;
|
|
property AvList: TSecureAppList read AvList_;
|
|
property FwList: TSecureAppList read FwList_;
|
|
property AvInfo: TSecureApp read AvInfo_;
|
|
property AsInfo: TSecureApp read AsInfo_;
|
|
property FwInfo: TSecureApp read FwInfo_;
|
|
|
|
property IsVpnOn: Boolean read bIsVpnOn_;
|
|
end;
|
|
|
|
resourcestring
|
|
RS_CONNECTION_ALLOW = '접속 허용';
|
|
RS_CONNECTION_NOTALLOWED = '접속 미승인';
|
|
RS_CONNECTION_TEMP = '임시 허용';
|
|
RS_CONNECTION_EXP = '예외 허용';
|
|
RS_CONNECTION_EXP_TODAY = '당일';
|
|
RS_CONNECTION_NOEMPVERIFY = '사번 미검증';
|
|
RS_CONNECTION_NOTALLOWED_MAC = 'MAC 미승인';
|
|
RS_CONNECTION_NOTALLOWED_DATE = '유효기간만료';
|
|
RS_SharedName = '공유 이름';
|
|
RS_FolderName = '폴더 이름';
|
|
|
|
implementation
|
|
|
|
uses
|
|
Tocsg.Exception, ManagerService, Condition, Tocsg.Safe, Tocsg.Strings,
|
|
Tocsg.Process, Tocsg.Convert, GlobalDefine, Tocsg.Registry, Tocsg.Win32, System.DateUtils, Tocsg.DateTime, Tocsg.Network, Tocsg.Shell, Winapi.ActiveX, Tocsg.WinInfo;
|
|
|
|
const
|
|
LOCKABLES: array [0..4] of String = (
|
|
'C:\windows\system32\drivers\etc\hosts',
|
|
'C:\windows\system32\drivers\etc\lmhosts.sam',
|
|
'C:\windows\system32\drivers\etc\networks',
|
|
'C:\windows\system32\drivers\etc\protocol',
|
|
'C:\windows\system32\drivers\etc\services');
|
|
|
|
{ TThdVulSvc }
|
|
|
|
Constructor TThdVulSvc.Create(aVul: TVulnerabilityService);
|
|
begin
|
|
Inherited Create;
|
|
|
|
IgrBlockApps_ := TStringList.Create;
|
|
IgrBlockApps_.CaseSensitive := false;
|
|
|
|
bFirstCheck_ := true;
|
|
Vul_ := aVul;
|
|
dtVulTime_ := 0;
|
|
end;
|
|
|
|
Destructor TThdVulSvc.Destroy;
|
|
begin
|
|
FreeAndNil(IgrBlockApps_);
|
|
Inherited;
|
|
end;
|
|
|
|
procedure TThdVulSvc.Execute;
|
|
var
|
|
StrList: TStringList;
|
|
bIsLockable: Boolean;
|
|
F1, F2, F3, F4, F5: TFileStream;
|
|
NewRefreshView,
|
|
OldRefreshView: TCheckRefreshView;
|
|
ShdFldList,
|
|
ChkShdFldList: TSharedFolder;
|
|
sComName: String;
|
|
PrefModel: TPrefModel;
|
|
|
|
function CheckRefreshView(aNew, aOld: TCheckRefreshView): Boolean; inline;
|
|
begin
|
|
Result := false;
|
|
with aNew do
|
|
begin
|
|
if aOld.BS1ModeKind <> BS1ModeKind then exit;
|
|
if aOld.NicService_GetIP <> NicService_GetIP then exit;
|
|
if aOld.AgentModel_EmpNo <> AgentModel_EmpNo then exit;
|
|
if aOld.AgentModel_Location <> AgentModel_Location then exit;
|
|
// if aOld.PrefModel_SoftwareControlType <> PrefModel_SoftwareControlType then exit;
|
|
if aOld.IsServiceAvailable <> IsServiceAvailable then exit;
|
|
if aOld.PrefModel_WhiteApp <> PrefModel_WhiteApp then exit;
|
|
if aOld.PrefModel_BlackApp <> PrefModel_BlackApp then exit;
|
|
if aOld.PrefModel_IsMasking <> PrefModel_IsMasking then exit;
|
|
if aOld.PrefModel_FileMon <> PrefModel_FileMon then exit;
|
|
if aOld.PrefModel_FileBlock <> PrefModel_FileBlock then exit;
|
|
if aOld.PrefModel_IsWaterMark <> PrefModel_IsWaterMark then exit;
|
|
if aOld.PrefModel_PrinterEnableType <> PrefModel_PrinterEnableType then exit;
|
|
if aOld.PrefModel_MtpEnable <> PrefModel_MtpEnable then exit;
|
|
if aOld.PrefModel_BlueEnable <> PrefModel_BlueEnable then exit;
|
|
if aOld.PrefModel_WebbMonKind <> PrefModel_WebbMonKind then exit;
|
|
if aOld.PrefModel_CapAppMonKind <> PrefModel_CapAppMonKind then exit;
|
|
if aOld.PrefModel_PwChkTerm <> PrefModel_PwChkTerm then exit;
|
|
if aOld.PrefModel_NotiType <> PrefModel_NotiType then exit;
|
|
if aOld.PrefModel_NotiKind <> PrefModel_NotiKind then exit;
|
|
if aOld.PrefModel_AfterLock <> PrefModel_AfterLock then exit;
|
|
if aOld.PrefModel_AfterShutdown <> PrefModel_AfterShutdown then exit;
|
|
if aOld.PrefModel_DefPortEnable <> PrefModel_DefPortEnable then exit;
|
|
if AoLD.PrefModel_AppInstKind <> PrefModel_AppInstKind then exit;
|
|
if aOld.PrefModel_ExtraPortEnableType <> PrefModel_ExtraPortEnableType then exit;
|
|
if aOld.PrefModel_IsLogoDisplay <> PrefModel_IsLogoDisplay then exit;
|
|
if aOld.PrefModel_ScreenLogoAlpha <> PrefModel_ScreenLogoAlpha then exit;
|
|
if aOld.PrefModel_UsbEnable <> PrefModel_UsbEnable then exit;
|
|
if aOld.PrefModel_IsOsPatchCheck <> PrefModel_IsOsPatchCheck then exit;
|
|
// if aOld.PrefModel_SleepBlockType <> PrefModel_SleepBlockType then exit;
|
|
if aOld.PrefModel_NetworkBlockType <> PrefModel_NetworkBlockType then exit;
|
|
if aOld.PrefModel_HostEnable <> PrefModel_HostEnable then exit;
|
|
if aOld.PrefModel_RouteEnable <> PrefModel_RouteEnable then exit;
|
|
if aOld.PrefModel_IsClipboardEnable <> PrefModel_IsClipboardEnable then exit;
|
|
|
|
if aOld.PrefModel_OutAttBlk <> PrefModel_OutAttBlk then exit;
|
|
if aOld.PrefModel_WebbAttBlk <> PrefModel_WebbAttBlk then exit;
|
|
if aOld.PrefModel_EtcAttBlk <> PrefModel_EtcAttBlk then exit;
|
|
if aOld.PrefModel_FdRename <> PrefModel_FdRename then exit;
|
|
if aOld.PrefModel_FRename <> PrefModel_FRename then exit;
|
|
if aOld.PrefModel_SharedFolder <> PrefModel_SharedFolder then exit;
|
|
|
|
if aOld.PrefModel_IsEmpVerify <> PrefModel_IsEmpVerify then exit;
|
|
if aOld.PrefModel_ForceScreenLockMin <> PrefModel_ForceScreenLockMin then exit;
|
|
if aOld.PreFModel_WifiCtrlKind <> PreFModel_WifiCtrlKind then exit;
|
|
if aOld.PrefModel_IsEnableCheck <> PrefModel_IsEnableCheck then exit;
|
|
if aOld.IsConnStatus <> IsConnStatus then exit;
|
|
|
|
if aOld.PrefModel_VulOsVersion <> PrefModel_VulOsVersion then exit;
|
|
if aOld.PrefModel_VulAntiVirus <> PrefModel_VulAntiVirus then exit;
|
|
if aOld.PrefModel_VulPassword <> PrefModel_VulPassword then exit;
|
|
if aOld.PrefModel_VulScreenSaver <> PrefModel_VulScreenSaver then exit;
|
|
if aOld.PrefModel_VulFirewall <> PrefModel_VulFirewall then exit;
|
|
|
|
if aOld.PrefModel_IsShowPolicy <> PrefModel_IsShowPolicy then exit;
|
|
if aOld.PrefModel_IsShowAInfo <> PrefModel_IsShowAInfo then exit;
|
|
if aOld.PrefModel_WifiPublicBlock <> PrefModel_WifiPublicBlock then exit;
|
|
if aOld.VulService_AccessStatus <> VulService_AccessStatus then exit;
|
|
if aOld.VulService_AvInfo_Name <> VulService_AvInfo_Name then exit;
|
|
if aOld.VulService_FwInfo_Name <> VulService_FwInfo_Name then exit;
|
|
if aOld.VulService_WindowsAccount <> VulService_WindowsAccount then exit;
|
|
if aOld.VulService_OsVersion <> VulService_OsVersion then exit;
|
|
if aOld.VulService_IsSafeMode <> VulService_IsSafeMode then exit;
|
|
if aOld.VulService_IsOsPatchUptoDate <> VulService_IsOsPatchUptoDate then exit;
|
|
if aOld.VulService_IsOsSafe <> VulService_IsOsSafe then exit;
|
|
if aOld.VulService_IsPasswordSet <> VulService_IsPasswordSet then exit;
|
|
if aOld.VulService_IsPasswordSetTermOk <> VulService_IsPasswordSetTermOk then exit;
|
|
if aOld.VulService_IsScreenSaverSet <> VulService_IsScreenSaverSet then exit;
|
|
if aOld.VulService_IsAntiVirusUpToDate <> VulService_IsAntiVirusUpToDate then exit;
|
|
if aOld.VulService_IsFirewallOn <> VulService_IsFirewallOn then exit;
|
|
end;
|
|
Result := true;
|
|
end;
|
|
|
|
function ExtrProcessList(sList: String): Integer;
|
|
begin
|
|
StrList.Clear;
|
|
Result := 0;
|
|
if sList = '' then
|
|
exit;
|
|
|
|
if sList.Contains(MODEL_SEPARATOR) then
|
|
Result := SplitString(sList, MODEL_SEPARATOR, StrList)
|
|
else if sList.Contains(';') then
|
|
Result := SplitString(sList, ';', StrList)
|
|
else
|
|
// if sList.Contains(',') then
|
|
Result := SplitString(sList, ',', StrList);
|
|
end;
|
|
|
|
procedure DoLockFile(sPath: String; var aFile: TFileStream);
|
|
begin
|
|
if aFile <> nil then
|
|
exit;
|
|
|
|
if not FileExists(sPath) then
|
|
exit;
|
|
|
|
try
|
|
aFile := TFileStream.Create(sPath, fmOpenRead or fmShareDenyWrite);
|
|
except
|
|
on E: Exception do
|
|
ETgException.TraceException(E, Format('Fail .. DoLockFile() .. Path="%s"', [sPath]));
|
|
end;
|
|
end;
|
|
|
|
procedure ControlLockable;
|
|
begin
|
|
// CreateFile()
|
|
// LockFile()
|
|
// UnlockFile()
|
|
// CloseHandle()
|
|
if bIsLockable then
|
|
begin
|
|
DoLockFile(LOCKABLES[0], F1);
|
|
DoLockFile(LOCKABLES[1], F2);
|
|
DoLockFile(LOCKABLES[2], F3);
|
|
DoLockFile(LOCKABLES[3], F4);
|
|
DoLockFile(LOCKABLES[4], F5);
|
|
end else begin
|
|
if F1 <> nil then FreeAndNil(F1);
|
|
if F2 <> nil then FreeAndNil(F2);
|
|
if F3 <> nil then FreeAndNil(F3);
|
|
if F4 <> nil then FreeAndNil(F4);
|
|
if F5 <> nil then FreeAndNil(F5);
|
|
end;
|
|
end;
|
|
|
|
procedure PolicySyncService;
|
|
var
|
|
bWhiteAppOk,
|
|
bIsHostEnable: Boolean;
|
|
i: Integer;
|
|
sProcListB,
|
|
sProcListW: String;
|
|
ShdFldKind: TShareFolderKind;
|
|
PO: TPrefModel;
|
|
begin
|
|
if (gMgSvc = nil) or (PrefModel = nil) then
|
|
exit;
|
|
|
|
PO := gMgSvc.ModePolicy;
|
|
bIsHostEnable := PO.HostEnable;
|
|
if IsHostDisable then
|
|
bIsHostEnable := false;
|
|
|
|
with Vul_ do
|
|
begin
|
|
ShdFldKind := PO.ShareFolder;
|
|
if ShdFldKind <> sfkNone then
|
|
begin
|
|
var sData: String := '';
|
|
if ShdFldKind = sfkAllBlock then
|
|
begin
|
|
if ShdFldList = nil then
|
|
ShdFldList := TSharedFolder.Create(true, sComName, true)
|
|
else
|
|
ShdFldList.UpdateShdFldList(true);
|
|
|
|
for i := 0 to ShdFldList.Count - 1 do
|
|
begin
|
|
if IsIgnoreDefNetShare and
|
|
(ShdFldList[i].sName.Length > 1) and (ShdFldList[i].sName[ShdFldList[i].sName.Length] = '$') then continue; // USB 드라이브 기본 공유 예외 "E$" 24_0620 16:59:01 kku
|
|
|
|
// 프린터 공유는 차단 예외 24_0702 17:43:11 kku
|
|
if Pos(',LOCALSPLONLY', ShdFldList[i].sPath.ToUpper) > 0 then
|
|
continue;
|
|
|
|
ExecutePath_hide('net', Format('share "%s" /delete', [ShdFldList[i].sName]));
|
|
gMgSvc.SendEventLog(URI_USER_ACTION, PREVENT_NETSHAREFOLDER,
|
|
Format('Name : %s, Path : %s', [ShdFldList[i].sName, ShdFldList[i].sPath]));
|
|
|
|
SumString(sData, Format('%s : %s', [RS_SharedName, ShdFldList[i].sName]), #13#10#13#10);
|
|
SumString(sData, Format('%s : %s', [RS_FolderName, ShdFldList[i].sPath]), #13#10);
|
|
end;
|
|
|
|
if (sData <> '') and (CUSTOMER_TYPE <> CUSTOMER_SERVE1) then // 서브원은 알림 안뜨게함 24_0807 13:13:55 kku
|
|
begin
|
|
if IsDivPopup then
|
|
begin
|
|
if PO.ShareFldBlockPopup then
|
|
gMgSvc.PopupMessage(TYPE_MSG_PREVENT_SHAREDFOLDER, sData + '|PV');
|
|
end else
|
|
gMgSvc.PopupMessage(TYPE_MSG_PREVENT_SHAREDFOLDER, sData + '|PV');
|
|
end;
|
|
end else begin
|
|
if ShdFldList <> nil then
|
|
begin
|
|
if ChkShdFldList = nil then
|
|
ChkShdFldList := TSharedFolder.Create(true, sComName, true);
|
|
|
|
for i := 0 to ChkShdFldList.Count - 1 do
|
|
begin
|
|
if IsIgnoreDefNetShare and
|
|
(ChkShdFldList[i].sName.Length > 1) and (ChkShdFldList[i].sName[ChkShdFldList[i].sName.Length] = '$') then continue; // USB 드라이브 기본 공유 예외 "E$" 24_0620 16:59:01 kku
|
|
|
|
// 프린터 공유는 차단 예외 24_0702 17:43:11 kku
|
|
if Pos(',LOCALSPLONLY', ChkShdFldList[i].sPath.ToUpper) > 0 then
|
|
continue;
|
|
|
|
if not ShdFldList.ExistsSharedFolder(ChkShdFldList[i].sPath) then
|
|
begin
|
|
// case ShdFldKind of
|
|
// sfkAddBlock,
|
|
// sfkPopup:
|
|
// begin
|
|
SumString(sData, Format('%s : %s', [RS_SharedName, ChkShdFldList[i].sName]), #13#10#13#10);
|
|
SumString(sData, Format('%s : %s', [RS_FolderName, ChkShdFldList[i].sPath]), #13#10);
|
|
// end;
|
|
// end;
|
|
|
|
if ShdFldKind = sfkAddBlock then
|
|
ExecutePath_hide('net', Format('share "%s" /delete', [ChkShdFldList[i].sName]))
|
|
else begin
|
|
case CUSTOMER_TYPE of
|
|
CUSTOMER_DEV,
|
|
CUSTOMER_DEMO :
|
|
begin
|
|
if RemoveEveryoneFromShare(ChkShdFldList[i].sName) then
|
|
_Trace('"%s" 공유폴더의 Everyone 권한 삭제됨', [ChkShdFldList[i].sName], 1)
|
|
else
|
|
_Trace('"%s" 공유폴더의 Everyone 권한 삭제 실패 .. Error=%d', [ChkShdFldList[i].sName, GetLastError], 1);
|
|
end;
|
|
end;
|
|
end;
|
|
|
|
gMgSvc.SendEventLog(URI_USER_ACTION, MONITOR_NETSHAREFOLDER,
|
|
Format('Name : %s, Path : %s', [ChkShdFldList[i].sName, ChkShdFldList[i].sPath]), false);
|
|
end;
|
|
end;
|
|
|
|
if (sData <> '') and (CUSTOMER_TYPE <> CUSTOMER_SERVE1) then // 서브원은 알림 안뜨게함 24_0807 13:13:55 kku
|
|
begin
|
|
if ShdFldKind = sfkAddBlock then
|
|
sData := sData + '|PV';
|
|
|
|
if IsDivPopup then
|
|
begin
|
|
if ((ShdFldKind = sfkAddBlock) and PO.ShareFldBlockPopup) or
|
|
((ShdFldKind <> sfkAddBlock) and PO.ShareFldAllowPopup) then
|
|
gMgSvc.PopupMessage(TYPE_MSG_PREVENT_SHAREDFOLDER, sData);
|
|
end else
|
|
if ShdFldKind = sfkPopup then
|
|
gMgSvc.PopupMessage(TYPE_MSG_PREVENT_SHAREDFOLDER, sData);
|
|
end;
|
|
|
|
FreeAndNil(ShdFldList);
|
|
ShdFldList := ChkShdFldList;
|
|
ChkShdFldList := nil;
|
|
end else
|
|
ShdFldList := TSharedFolder.Create(true, sComName);
|
|
end;
|
|
end else begin
|
|
if ShdFldList <> nil then
|
|
FreeAndNil(ShdFldList);
|
|
if ChkShdFldList <> nil then
|
|
FreeAndNil(ChkShdFldList);
|
|
end;
|
|
|
|
// if (gMgSvc.HeModeKind <> hmkSleep) and not IsNoPreventCaptureApp then
|
|
// TerminateProcessFromList(DefBlockApps_, IgrBlockApps_);
|
|
|
|
if PO.IsDefPortBlock and not bIsDefaultPortBlock_ then
|
|
gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_PREVENT_PORT, 'Port Blocked');
|
|
|
|
// bIsPrintBlock_ := gMgSvc.ModePolicy.IsPrinterEnable;
|
|
bIsDefaultPortBlock_ := PO.IsDefPortBlock;
|
|
FileMon_ := PO.FileMon;
|
|
FileBlock_ := PO.FileBlock;
|
|
bIsFileMasking_ := PO.IsMasking;
|
|
bIsWatermark_ := PO.IsWaterMark;
|
|
|
|
// 다중 정책 적용으로 아래 조건 무시 22_0801 15:45:05 kku
|
|
// if ( gMgSvc.IsServiceAvailable and
|
|
// (bIsSafeMode_ or gMgSvc.IsTemporaryConn)
|
|
// ) then
|
|
begin
|
|
bWhiteAppOk := true;
|
|
|
|
// 화이트리스트는 보안모드 정책만 참조 22_0803 16:38:05 kku
|
|
sProcListW := PrefModel.SoftwareListW;
|
|
|
|
// 화이트리스트 앱 차단은 VPN Client로 보안모드 진입했을때만 적용 22_0620 10:54:36 kku
|
|
if Vul_.bIsVpnOn_ and PrefModel.IsMustSecuApp and (sProcListW <> '') then
|
|
begin
|
|
// 보안모드 해제 불가인 경우에 위반 시 취약모드로 들어가도록 다시 수정 22_0822 08:00:20 kku
|
|
// if not gMgSvc.IsSafeExitImpossible and
|
|
if ExtrProcessList(sProcListW) > 0 then
|
|
begin
|
|
// 화이트 리스트 차단 - 필수 프로그램 미실행 시 차단
|
|
var bNoExecute: Boolean := false;
|
|
for i := 0 to StrList.Count - 1 do
|
|
begin
|
|
if GetProcessPidByName(StrList[i]) = 0 then
|
|
begin
|
|
bNoExecute := true;
|
|
break;
|
|
end;
|
|
end;
|
|
|
|
if bNoExecute then
|
|
begin
|
|
bWhiteAppOk := false;
|
|
|
|
if bIsWhiteApp_ then
|
|
begin
|
|
gMgSvc.PopupMessage(TYPE_MSG_PREVENT_WHITEAPP, StrList[i]);
|
|
gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_PREVENT_WHITELISTAPP,
|
|
Format('MustApp : "%s" not launched', [StrList[i]]));
|
|
|
|
_Trace('Not found MustApp .. Name="%s"', [StrList[i]], 1);
|
|
|
|
if PrefModel.IsTemporaryConn and bUseTempConn_ and
|
|
not gMgSvc.IsTemporaryConn then
|
|
begin
|
|
Vul_.TryExitSafeMode(true);
|
|
end;
|
|
// Vul_.SetDisconnect(true, true);
|
|
end;
|
|
end;
|
|
end;
|
|
end;
|
|
|
|
if bIsWhiteApp_ <> bWhiteAppOk then
|
|
bIsWhiteApp_ := bWhiteAppOk;
|
|
|
|
if not bIsLockable and bIsHostEnable then
|
|
begin
|
|
bIsLockable := true;
|
|
ControlLockable;
|
|
end else
|
|
if bIsLockable and not bIsHostEnable then
|
|
begin
|
|
bIsLockable := false;
|
|
ControlLockable;
|
|
end;
|
|
end;
|
|
end;
|
|
end;
|
|
|
|
function IsAntiVirusSet: Boolean;
|
|
var
|
|
sUpto: String;
|
|
begin
|
|
Result := false;
|
|
if Vul_.AvInfo_ = nil then
|
|
exit;
|
|
|
|
sUpto := LowerCase(Trim(Vul_.AvInfo_.Status));
|
|
if sUpto = '' then
|
|
exit;
|
|
|
|
// Result := (sUpto = 'up-to-date') and Vul_.AvInfo_.IsState;
|
|
Result := sUpto.Contains('up') and sUpto.Contains('date') and Vul_.AvInfo_.IsState;
|
|
end;
|
|
|
|
function GetSafeStatus(var aSafeSate: TSafeState): Boolean;
|
|
var
|
|
nVulWaitSec: Integer;
|
|
begin
|
|
with Vul_ do
|
|
begin
|
|
if not PrefModel.IsEnableCheck then
|
|
Exit(true);
|
|
|
|
// bIsPatchUptoDate_ 체크는 별도로 한다. "팝업만" 설정 관련 22_0609 16:51:51 kku
|
|
// if PrefModel.IsOsPatchCheck then
|
|
// Result := bIsPasswordSet_ and bIsAvUptoDate_ and bIsFwSet_ and
|
|
// bIsScreenSaverSet_ and bIsAllowAccess_ and bIsOsSafe_ and
|
|
// bIsPatchUptoDate_
|
|
// else
|
|
with aSafeSate do
|
|
begin
|
|
Result := bIsPasswordSet and bIsAvUptoDate and bIsFwSet and //not gMgSvc.IsRestricMac and
|
|
// bIsSafePersonalInfo and // 개인정보 취약점 추가 22_1114 08:14:52 kku // 취약 시 보안모드 차단이 기본이 아니라 별도 처리 22_1114 08:29:06 kku
|
|
bIsScreenSaverSet and bIsAllowAccess and bIsOsSafe; // and bIsPatchUptoDate;
|
|
|
|
nVulWaitSec := PrefModel.VulDueTimeSec;
|
|
if not Result and (nVulWaitSec > 0) and
|
|
bIsAllowAccess and bIsOsSafe then
|
|
begin
|
|
// 취약시간 유지 추가 23_0419 09:13:08 kku
|
|
if dtVulTime_ = 0 then
|
|
begin
|
|
dtVulTime_ := Now;
|
|
Result := true;
|
|
end else
|
|
Result := SecondsBetween(dtVulTime_, Now) < nVulWaitSec;
|
|
|
|
if Result then
|
|
begin
|
|
bIsPasswordSet := true;
|
|
bIsAvUptoDate := true;
|
|
bIsFwSet := true;
|
|
bIsScreenSaverSet := true;
|
|
end;
|
|
end else
|
|
if dtVulTime_ <> 0 then
|
|
dtVulTime_ := 0;
|
|
end;
|
|
end;
|
|
end;
|
|
|
|
procedure GetVulnerability;
|
|
var
|
|
bIsCheckEnable,
|
|
bPrevCheck,
|
|
bIsPerInfoPopupOnly,
|
|
bIPwTermOkPopupOnly: Boolean;
|
|
OsPatchCheck: TOsPatchCheck;
|
|
app: TSecureApp;
|
|
nIdle, nMaxTime: Integer;
|
|
sTemp: String;
|
|
NewSafeState: TSafeState;
|
|
begin
|
|
// 보안 정보가 부팅후에 2분 뒤에 들어오는 현상이 있다... 그래서 일단 비활성
|
|
// WSC 관련 Security API는 부팅 후 2분전에 동작하지 않는다... 22_0513 13:04:27 kku
|
|
if (gMgSvc = nil) or not gMgSvc.HandleConfig.Updated then
|
|
exit;
|
|
|
|
// if IsUseRegUserSync then
|
|
// begin
|
|
// // LX국토정보공사 VPN 사번 동기화
|
|
// sTemp := GetRegValueAsString(HKEY_LOCAL_MACHINE, REG_HE, 'VpnConnect');
|
|
// if (sTemp <> '') and (sTemp <> gMgSvc.AgentModel.EmpNo) then
|
|
// begin
|
|
// _Trace('[01] 사번 변경, %s > %s', [gMgSvc.AgentModel.EmpNo, sTemp]);
|
|
// gMgSvc.AgentModel.EmpNo := sTemp;
|
|
// gMgSvc.AgentModel.Save;
|
|
// gMgSvc.UpdateAgentInfo;
|
|
// end;
|
|
// end;
|
|
|
|
bIsCheckEnable := PrefModel.IsEnableCheck;
|
|
with Vul_ do
|
|
begin
|
|
if sWindowsAccount_ = '' then
|
|
sWindowsAccount_ := gMgSvc.HandleConfig.UserName;
|
|
|
|
NewSafeState.bIsPasswordSet := not PrefModel.VulPassword or (gMgSvc.HandleConfig.IsPasswordSet or IsSkipPwd);
|
|
NewSafeState.bIsPasswordSetTermOk := not PrefModel.VulPassword or (gMgSvc.HandleConfig.IsPasswordSetTermOk or IsSkipPwd);
|
|
NewSafeState.bIsAllowAccess := PrefModel.IsAllowAccess and not gMgSvc.IsRestricMac; // and not gMgSvc.IsRestricDate;
|
|
NewSafeState.bIsSafePersonalInfo := not gMgSvc.IsSchRstVul;
|
|
|
|
sIdleTime_ := gMgSvc.HandleConfig.IdleTime;
|
|
NewSafeState.bIsScreenSaverSet := not PrefModel.VulScreenSaver or gMgSvc.HandleConfig.IsScreenSaver;
|
|
sOsVersion_ := gMgSvc.HandleConfig.OsVersion;
|
|
|
|
// 포인터 넘기면 나중에 참조할때 AV에러 날수 있어서 생성함 22_0420 14:42:35 kku
|
|
if AvInfo_ <> nil then FreeAndNil(AvInfo_);
|
|
app := gMgSvc.HandleSecurity.GetMainAv;
|
|
if app <> nil then AvInfo_ := TSecureApp.Create(app);
|
|
if FwInfo_ <> nil then FreeAndNil(FwInfo_);
|
|
app := gMgSvc.HandleSecurity.GetMainFw;
|
|
if app <> nil then FwInfo_ := TSecureApp.Create(app);
|
|
if AsInfo_ <> nil then FreeAndNil(AsInfo_);
|
|
app := gMgSvc.HandleSecurity.GetMainAs;
|
|
if app <> nil then AsInfo_ := TSecureApp.Create(app);
|
|
AvList_ := gMgSvc.HandleSecurity.AvList;
|
|
FwList_ := gMgSvc.HandleSecurity.FwList;
|
|
|
|
OsPatchCheck := PrefModel.OsPatchCheck;
|
|
NewSafeState.bIsOsSafe := not PrefModel.VulOsVersion or
|
|
( (sOsVersion_ <> '') and
|
|
(sOsVersion_.StartsWith('10') or sOsVersion_.StartsWith('11') or
|
|
sOsVersion_.StartsWith('12') or sOsVersion_.StartsWith('13')) );
|
|
NewSafeState.bIsAvUptoDate := not PrefModel.VulAntiVirus or IsAntiVirusSet;
|
|
NewSafeState.bIsAvSet := not PrefModel.VulAntiVirus or ( (AvInfo_ <> nil) and AvInfo_.IsState );
|
|
NewSafeState.bIsFwSet := not PrefModel.VulFirewall or ( (FwInfo_ <> nil) and FwInfo_.IsState );
|
|
if gMgSvc.IsServiceAvailable then
|
|
NewSafeState.bIsPatchUptoDate := SafeState_.bIsPatchUptoDate or gMgSvc.IsPatchUptoDate // 보안모드 상태에서도 상태 양호로 변경되도록 보완 22_0620 10:43:46 kku
|
|
else
|
|
NewSafeState.bIsPatchUptoDate := IsSkipOsPatch or
|
|
(OsPatchCheck = opcNone) or gMgSvc.IsPatchUptoDate;
|
|
|
|
bIsPerInfoPopupOnly := not PrefModel.IsScanBlock;
|
|
bIPwTermOkPopupOnly := (PrefModel.PwChkTerm = pctPopup) or (PrefModel.PwChkTerm = pctLog);
|
|
bPrevCheck := bIsSafeMode_ and
|
|
(SafeState_.bIsPatchUptoDate or (OsPatchCheck <> opcCheck)) and
|
|
(SafeState_.bIsSafePersonalInfo or bIsPerInfoPopupOnly) and
|
|
(SafeState_.bIsPasswordSetTermOk or bIPwTermOkPopupOnly);
|
|
|
|
bIsSafeMode_ := GetSafeStatus(NewSafeState);
|
|
|
|
if not bIsCheckEnable then
|
|
begin
|
|
bIsSafeMode_ := NewSafeState.bIsAllowAccess; // true; // "보안모드 허용" 상태를 상위 정책으로 변경 23_0614 16:06:25 kku
|
|
NewSafeState.bIsScreenSaverSet := true;
|
|
NewSafeState.bIsOsSafe := true;
|
|
NewSafeState.bIsAvUptoDate := true;
|
|
NewSafeState.bIsFwSet := true;
|
|
NewSafeState.bIsAvSet := true;
|
|
NewSafeState.bIsPatchUptoDate := true;
|
|
NewSafeState.bIsPasswordSet := true;
|
|
NewSafeState.bIsPasswordSetTermOk := true;
|
|
NewSafeState.bIsSafePersonalInfo := true;
|
|
// bIsWhiteApp_ := true; // 이거 넣으면 안된다. 필수앱은 취약점 점검과는 별도로 동작해야됨 23_0726 11:01:09 kku
|
|
// bIsAllowAccess_ := true;
|
|
end;
|
|
|
|
if (not bPrevCheck and bIsSafeMode_ and
|
|
(NewSafeState.bIsPatchUptoDate or (OsPatchCheck <> opcCheck)) and
|
|
(NewSafeState.bIsSafePersonalInfo or bIsPerInfoPopupOnly)) and
|
|
(NewSafeState.bIsPasswordSetTermOk or bIPwTermOkPopupOnly) then
|
|
begin
|
|
// 조치가 완료되어서 보안모드 진입 가능하다는 메시지 팝업
|
|
SafeState_ := NewSafeState;
|
|
gMgSvc.SendEventLog(URI_USER_ACTION, STATUS_CLEAN, 'Vulnerability : Clean');
|
|
gMgSvc.PopupMessage(TYPE_MSG_SAFEAPPLIED);
|
|
InitPopup;
|
|
end else
|
|
if CheckUnSafeState(NewSafeState) and // not bIsSafeMode_ and
|
|
(not gMgSvc.IsVpnClientON or gMgSvc.IsTemporaryConn) then // gMgSvc.IsSafeExitImpossible then
|
|
CallPopup;
|
|
|
|
if gMgSvc.IsServiceAvailable then
|
|
begin
|
|
if ( not SafeState_.bIsAllowAccess and
|
|
not gMgSvc.IsSafeExitImpossible ) or
|
|
( // IsUseAfterReport and // 사후 보고서 완료 체크 22_0608 08:45:42 kku
|
|
PrefModel.IsUseAfterReport and
|
|
MutexExists(MUTEX_AFTERREPORT) ) then
|
|
begin
|
|
if MutexExists(MUTEX_AFTERREPORT) then
|
|
gMgSvc.PopupMessage(TYPE_MSG_AFTERREPORT);
|
|
CallUnsafeProc(false);
|
|
end else
|
|
if IsSafeMode and IsWhiteApp then
|
|
begin
|
|
bIsVulMode_ := false;
|
|
if not SafeState_.bIsPatchUptoDate or
|
|
not SafeState_.bIsSafePersonalInfo or
|
|
not SafeState_.bIsPasswordSetTermOk then
|
|
begin
|
|
if not gMgSvc.IsTemporaryConn and
|
|
not gMgSvc.IsSafeExitImpossible and
|
|
( (not SafeState_.bIsPatchUptoDate and (OsPatchCheck = opcCheck)) or
|
|
(not SafeState_.bIsSafePersonalInfo and not bIsPerInfoPopupOnly) or
|
|
(not SafeState_.bIsPasswordSetTermOk and not bIPwTermOkPopupOnly) ) then
|
|
begin
|
|
CallUnsafeProc(true)
|
|
end else
|
|
if not bIsVpnOn_ then
|
|
begin
|
|
CallPopup(true); // OsPatchPopup
|
|
CallSafeProc;
|
|
end;
|
|
|
|
// 보안모드 사용중 30분 마다 팝업 추가 22_0609 08:36:30 kku
|
|
if not SafeState_.bIsPatchUptoDate and
|
|
((dwOsPatchPopupTick_ = 0) or
|
|
(IsOsPatchPopup30Min and ((GetTickCount - dwOsPatchPopupTick_) >= 1800000))) then
|
|
begin
|
|
dwOsPatchPopupTick_ := GetTickCount;
|
|
if OsPatchCheck <> opcLog then
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_OS);
|
|
end;
|
|
end else
|
|
CallSafeProc;
|
|
end else begin
|
|
if not gMgSvc.IsTemporaryConn then
|
|
begin
|
|
if PrefModel.IsTemporaryConn and not bUseTempConn_ then
|
|
begin
|
|
// 임시 보안모드 정책이 있고, 이번 접속에 사용한 적이 없다면 22_0613 14:00:36 kku
|
|
gMgSvc.SetTemporaryConn(true);
|
|
SetUseTempConn(true);
|
|
CallSafeProc;
|
|
end else
|
|
if gMgSvc.IsSafeExitImpossible then
|
|
begin
|
|
// VPN Client로 보안모드 진입이 아닐 경우 취약상태여도 무조건 보안모드로 진입 22_0621 07:45:41 kku
|
|
if not bIsVulMode_ then
|
|
begin
|
|
bIsVulMode_ := true;
|
|
TryExitSafeMode(true); // "보안모드 종료시 제어" 시도
|
|
InitPopup; // 취약점 메시지 팝업 되도록 추가 24_1014 16:47:47 kku
|
|
end else
|
|
CallPopup;
|
|
|
|
CallSafeProc;
|
|
end else
|
|
CallUnsafeProc(true);
|
|
end else
|
|
CallSafeProc;
|
|
end;
|
|
end else
|
|
if bIsVpnOn_ then
|
|
begin
|
|
CallUnsafeProc(false);
|
|
end;
|
|
|
|
// 아래로 옮김 22_0613 14:21:17 kku
|
|
// sTemp := PrefModel.AllowConn;
|
|
if not SafeState_.bIsAllowAccess then
|
|
begin
|
|
if gMgSvc.IsRestricMac then
|
|
begin
|
|
sAccessStatus_ := RS_CONNECTION_NOTALLOWED_MAC;
|
|
end else
|
|
// if gMgSvc.IsRestricDate then
|
|
// begin
|
|
// sAccessStatus_ := RS_CONNECTION_NOTALLOWED_DATE;
|
|
// end else
|
|
// 접속 허용과 날짜만료를 OR 조건으로 변경했기 때문에
|
|
// gMgSvc.IsRestricDate = false라면 접속 허용으로 표시 해줘야 한다. 22_1116 08:35:30 kku
|
|
sAccessStatus_ := RS_CONNECTION_NOTALLOWED;
|
|
end else
|
|
sAccessStatus_ := RS_CONNECTION_ALLOW;
|
|
// PrefModel.AllowConn 참조 사용하지 않음 22_1116 08:58:48 kku
|
|
// if sTemp.ToLower = 'true' then
|
|
// begin
|
|
// sAccessStatus_ := RS_CONNECTION_ALLOW;
|
|
// end else
|
|
// if sTemp.ToLower = 'false' then
|
|
// begin
|
|
// sAccessStatus_ := RS_CONNECTION_NOTALLOWED;
|
|
// end else
|
|
// if sTemp <> '' then
|
|
// begin
|
|
// if CUSTOMER_TYPE = CUSTOMER_KR then
|
|
// sAccessStatus_ := RS_CONNECTION_ALLOW // KR에서는 사번값이 들어가서 무조건 "접속 허용"으로 보이도록 보완 22_0922 10:46:52 kku
|
|
// else
|
|
// sAccessStatus_ := Format('%s - %s', [RS_CONNECTION_TEMP, sTemp])
|
|
// end else
|
|
// sAccessStatus_ := RS_CONNECTION_TEMP;
|
|
|
|
with NewRefreshView do
|
|
begin
|
|
BS1ModeKind := Integer(gMgSvc.HeModeKind);
|
|
NicService_GetIP := gMgSvc.NicService.GetIP;
|
|
AgentModel_EmpNo := gMgSvc.AgentModel.EmpNo;
|
|
AgentModel_Location := gMgSvc.AgentModel.Location;
|
|
// PrefModel_SoftwareControlType := gMgSvc.ModePolicy.SoftwareControlType;
|
|
IsServiceAvailable := gMgSvc.IsServiceAvailable;
|
|
PrefModel_WhiteApp := PrefModel.IsMustSecuApp;
|
|
PrefModel_BlackApp := gMgSvc.ModePolicy.IsBlockApp;
|
|
PrefModel_IsMasking := gMgSvc.ModePolicy.IsMasking;
|
|
PrefModel_FileMon := Integer(gMgSvc.ModePolicy.FileMon.Kind);
|
|
PrefModel_FileBlock := Integer(gMgSvc.ModePolicy.FileBlock.Kind);
|
|
PrefModel_IsWaterMark := gMgSvc.ModePolicy.IsWaterMark;
|
|
PrefModel_PrinterEnableType := Integer(gMgSvc.ModePolicy.Print.PrintKind);
|
|
PrefModel_MtpEnable := Integer(gMgSvc.ModePolicy.MtpBlockKind);
|
|
PrefModel_BlueEnable := Integer(gMgSvc.ModePolicy.BlueBlockKind);
|
|
PrefModel_WebbMonKind := Integer(gMgSvc.ModePolicy.WebbMonKind);
|
|
PrefModel_CapAppMonKind := Integer(gMgSvc.ModePolicy.CapAppMonKind);
|
|
PrefModel_PwChkTerm := Integer(PrefModel.PwChkTerm);
|
|
PrefModel_NotiType := Integer(gMgSvc.ModePolicy.NotifyType);
|
|
PrefModel_NotiKind := Integer(gMgSvc.ModePolicy.NotifyKind);
|
|
PrefModel_AfterLock := Integer(gMgSvc.PrefModel.ScreenLockKind);
|
|
PrefModel_AfterShutdown := gMgSvc.PrefModel.ForceShutdownMin;
|
|
PrefModel_DefPortEnable := gMgSvc.ModePolicy.IsDefPortBlock;
|
|
PrefModel_AppInstKind := Integer(gMgSvc.ModePolicy.AppInstKind);
|
|
PrefModel_ExtraPortEnableType := gMgSvc.ModePolicy.ExtraPortEnableType;
|
|
PrefModel_IsLogoDisplay := Integer(gMgSvc.ModePolicy.ScreenLogo);
|
|
PrefModel_ScreenLogoAlpha := gMgSvc.ModePolicy.ScreenLogoAlpha;
|
|
PrefModel_UsbEnable := Integer(gMgSvc.ModePolicy.UsbBlockKind);
|
|
PrefModel_IsOsPatchCheck := Integer(PrefModel.OsPatchCheck);
|
|
// PrefModel_SleepBlockType := gMgSvc.ModePolicy.SleepBlockType;
|
|
PrefModel_NetworkBlockType := gMgSvc.ModePolicy.NetworkBlockType;
|
|
PrefModel_HostEnable := gMgSvc.ModePolicy.HostEnable;
|
|
PrefModel_RouteEnable := gMgSvc.ModePolicy.RouteEnable;
|
|
PrefModel_IsClipboardEnable := Integer(gMgSvc.ModePolicy.ClipBlockKind);
|
|
PrefModel_OutAttBlk := Integer(gMgSvc.ModePolicy.OutlookAB.Kind);
|
|
PrefModel_WebbAttBlk := Integer(gMgSvc.ModePolicy.WebbAB.Kind);
|
|
PrefModel_EtcAttBlk := Integer(gMgSvc.ModePolicy.EtcAB.Kind);
|
|
PrefModel_FdRename := Integer(gMgSvc.ModePolicy.BlockFdRename);
|
|
PrefModel_FRename := Integer(gMgSvc.ModePolicy.BlockFRename);
|
|
PrefModel_SharedFolder := Integer(gMgSvc.ModePolicy.ShareFolder);
|
|
PrefModel_IsEmpVerify := PrefModel.IsEmpVerify;
|
|
PrefModel_ForceScreenLockMin := gMgSvc.PrefModel.ForceScreenLockMin;
|
|
PreFModel_WifiCtrlKind := Integer(gMgSvc.ModePolicy.WifiCtrlKind);
|
|
PrefModel_WifiPublicBlock := gMgSvc.ModePolicy.IsWifiPublicBlock;
|
|
PrefModel_IsShowPolicy := PrefModel.IsShowPolicy;
|
|
PrefModel_IsShowAInfo := PrefModel.IsShowAInfo;
|
|
PrefModel_IsEnableCheck := PrefModel.IsEnableCheck;
|
|
PrefModel_VulOsVersion := PrefModel.VulOsVersion;
|
|
PrefModel_VulAntiVirus := PrefModel.VulAntiVirus;
|
|
PrefModel_VulPassword := PrefModel.VulPassword;
|
|
PrefModel_VulScreenSaver := PrefModel.VulScreenSaver;
|
|
PrefModel_VulFirewall := PrefModel.VulFirewall;
|
|
IsConnStatus := gMgSvc.Connected;
|
|
|
|
VulService_AccessStatus := Vul_.sAccessStatus_;
|
|
if Vul_.AvInfo_ <> nil then
|
|
VulService_AvInfo_Name := Vul_.AvInfo_.Name
|
|
else
|
|
VulService_AvInfo_Name := '';
|
|
if Vul_.FwInfo_ <> nil then
|
|
VulService_FwInfo_Name := Vul_.FwInfo_.Name
|
|
else
|
|
VulService_FwInfo_Name := '';
|
|
VulService_WindowsAccount := Vul_.WindowsAccount;
|
|
VulService_OsVersion := Vul_.OsVersion;
|
|
VulService_IsSafeMode := Vul_.IsSafeMode and Vul_.bIsWhiteApp_;
|
|
VulService_IsOsPatchUptoDate := Vul_.IsOsPatchUptoDate;
|
|
VulService_IsOsSafe := Vul_.IsOsSafe;
|
|
VulService_IsPasswordSet := Vul_.IsPasswordSet;
|
|
VulService_IsPasswordSetTermOk := Vul_.IsPasswordSetTermOk;
|
|
VulService_IsScreenSaverSet := Vul_.IsScreenSaverSet;
|
|
VulService_IsAntiVirusUpToDate := Vul_.IsAntiVirusUpToDate;
|
|
VulService_IsFirewallOn := Vul_.IsFirewallOn;
|
|
end;
|
|
|
|
if not CheckRefreshView(NewRefreshView, OldRefreshView) then
|
|
begin
|
|
OldRefreshView := NewRefreshView;
|
|
gMgSvc.RefreshView;
|
|
end;
|
|
end;
|
|
end;
|
|
|
|
begin
|
|
ZeroMemory(@NewRefreshView, SizeOf(NewRefreshView));
|
|
ZeroMemory(@OldRefreshView, SizeOf(OldRefreshView));
|
|
Guard(StrList, TStringList.Create);
|
|
bIsLockable := false;
|
|
F1 := nil; F2 := nil; F3 := nil;
|
|
F4 := nil; F5 := nil;
|
|
PrefModel := nil;
|
|
sComName := GetComName;
|
|
CoInitialize(nil);
|
|
try
|
|
ShdFldList := nil;
|
|
ChkShdFldList := nil;
|
|
while not Terminated and not GetWorkStop do
|
|
begin
|
|
try
|
|
PrefModel := gMgSvc.PrefModel;
|
|
GetVulnerability;
|
|
|
|
// PolicySyncService에서 하는 작업을 여기서 처리해준다. 22_0422 08:47:07 kku
|
|
PolicySyncService;
|
|
|
|
Sleep(1000);
|
|
except
|
|
on E: Exception do
|
|
ETgException.TraceException(Self, E, 'Fail .. Execute()');
|
|
end;
|
|
end;
|
|
finally
|
|
if F1 <> nil then FreeAndNil(F1);
|
|
if F2 <> nil then FreeAndNil(F2);
|
|
if F3 <> nil then FreeAndNil(F3);
|
|
if F4 <> nil then FreeAndNil(F4);
|
|
if F5 <> nil then FreeAndNil(F5);
|
|
|
|
if ShdFldList <> nil then
|
|
FreeAndNil(ShdFldList);
|
|
|
|
if ChkShdFldList <> nil then
|
|
FreeAndNil(ChkShdFldList);
|
|
CoUninitialize;
|
|
end;
|
|
end;
|
|
|
|
{ TVulnerabilityService }
|
|
|
|
Constructor TVulnerabilityService.Create;
|
|
begin
|
|
Inherited Create;
|
|
|
|
sOsVersion_ := '10.0';
|
|
bIsSafeMode_ := true;
|
|
SafeState_.bIsScreenSaverSet := true;
|
|
SafeState_.bIsPasswordSet := true;
|
|
SafeState_.bIsPasswordSetTermOk := true;
|
|
SafeState_.bIsSafePersonalInfo := true;
|
|
SafeState_.bIsOsSafe := true;
|
|
SafeState_.bIsAvUptoDate := true;
|
|
SafeState_.bIsFwSet := true;
|
|
SafeState_.bIsAvSet := true;
|
|
SafeState_.bIsPatchUptoDate := true;
|
|
SafeState_.bIsAllowAccess := true;
|
|
bIsWhiteApp_ := true;
|
|
|
|
sScreenTime_ := '';
|
|
sIdleTime_ := '';
|
|
bIsVpnOn_ := false;
|
|
bIsVulMode_ := false;
|
|
dwVpnOnTick_ := 0;
|
|
bIsDefaultPortBlock_ := false;
|
|
ZeroMemory(@FileMon_, SizeOf(FileMon_));
|
|
ZeroMemory(@FileBlock_, SizeOf(FileBlock_));
|
|
bIsFileMasking_ := false;
|
|
bIsWatermark_ := false;
|
|
bIsForceDisconnect_ := false;
|
|
sEulaData_ := '';
|
|
sAccessStatus_ := RS_CONNECTION_ALLOW;
|
|
AvList_ := nil;
|
|
FwList_ := nil;
|
|
AvInfo_ := nil;
|
|
AsInfo_ := nil;
|
|
FwInfo_ := nil;
|
|
|
|
bIsPatchUptoDate_Pop_ := false;
|
|
bIsPasswordSet_Pop_ := false;
|
|
bIsPasswordSetTermOk_Pop_ := false;
|
|
bIsSafePersonalInfo_Pop_ := false;
|
|
bIsAvUptoDate_Pop_ := false;
|
|
bIsFwSet_Pop_ := false;
|
|
bIsScreenSaverSet_Pop_ := false;
|
|
bIsAllowAccess_Pop_ := false;
|
|
bIsOsSafe_Pop_ := false;
|
|
bUseTempConn_ := false;
|
|
|
|
dwOsPatchPopupTick_ := 0;
|
|
dwUnsafeActionTick_ := 0;
|
|
|
|
ThdVulSvc_ := TThdVulSvc.Create(Self);
|
|
ThdVulSvc_.StartThread;
|
|
end;
|
|
|
|
Destructor TVulnerabilityService.Destroy;
|
|
begin
|
|
FreeAndNil(ThdVulSvc_);
|
|
if AvInfo_ <> nil then
|
|
FreeAndNil(AvInfo_);
|
|
if AsInfo_ <> nil then
|
|
FreeAndNil(AsInfo_);
|
|
if FwInfo_ <> nil then
|
|
FreeAndNil(FwInfo_);
|
|
Inherited;
|
|
end;
|
|
|
|
procedure TVulnerabilityService.StopWork;
|
|
begin
|
|
ThdVulSvc_.StopThread;
|
|
end;
|
|
|
|
procedure TVulnerabilityService.CallSafeProc;
|
|
begin
|
|
if not bIsVpnOn_ then
|
|
begin
|
|
if not SafeState_.bIsOsSafe then
|
|
begin
|
|
gMgSvc.PopupMessage(TYPE_MSG_OLD_WINDOWS);
|
|
gMgSvc.SendEventLog(URI_USER_ACTION, REQUEST_QNA, 'OS is not safe');
|
|
end;
|
|
|
|
// gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_EVENT_VPNCONNECT, 'Security Mode');
|
|
gMgSvc.ProcessVpnConnect;
|
|
|
|
dwVpnOnTick_ := GetTickCount;
|
|
bIsVpnOn_ := true;
|
|
bIsVulMode_ := false;
|
|
end;
|
|
end;
|
|
|
|
procedure TVulnerabilityService.CallUnsafeProc(bIsDirect: Boolean);
|
|
begin
|
|
// 보안모드 가능상태이고, VPN Client를 통한 보안모드가 아니라면
|
|
// 강제로 끊기가 불가능하기 때문에 넘어간다 22_0613 13:20:23 kku
|
|
if gMgSvc.IsServiceAvailable and gMgSvc.IsSafeExitImpossible then
|
|
begin
|
|
CallPopup;
|
|
exit;
|
|
end else
|
|
CallPopup(true);
|
|
|
|
if bIsDirect then
|
|
begin
|
|
gMgSvc.SetRouterOn(false);
|
|
gMgSvc.SetVpnNicOn(false);
|
|
|
|
gMgSvc.PopupSystemMsg(TYPE_MSG_SYSTEM_NETWORKCLOSE);
|
|
end;
|
|
SetDisconnect(true, bIsDirect);
|
|
|
|
if bIsVpnOn_ then
|
|
begin
|
|
if ((GetTickCount - dwVpnOnTick_) > 10000) and // VPN 10초 사용전에는 사후 보고서 징수 안함 22_0616 13:30:31 kku
|
|
// IsUseAfterReport and
|
|
gMgSvc.PrefModel.IsUseAfterReport then
|
|
gMgSvc.PopupAfterReport;
|
|
|
|
bIsVpnOn_ := false;
|
|
bIsVulMode_ := false;
|
|
dwVpnOnTick_ := 0;
|
|
gMgSvc.PopupSystemMsg(TYPE_MSG_SYSTEM_VPNCLOSED);
|
|
gMgSvc.ProcessVpnDisconnect;
|
|
// gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_EVENT_VPNDISCONN, 'Sleep mode');
|
|
end;
|
|
end;
|
|
|
|
procedure TVulnerabilityService.CallPopup(bInitPop: Boolean = false; bSendLog: Boolean = true);
|
|
|
|
procedure SendEventLog(sCode, sSummary: String);
|
|
begin
|
|
if not bSendLog then
|
|
exit;
|
|
|
|
if gMgSvc.IsNewApi then
|
|
begin
|
|
var LogInfo: TLogInfo;
|
|
ZeroMemory(@LogInfo, SizeOf(LogInfo));
|
|
LogInfo.sCode := sCode;
|
|
LogInfo.sSummary := sSummary;
|
|
gMgSvc.SendEventLogEx(@LogInfo, false);
|
|
end else
|
|
gMgSvc.SendEventLog(URI_USER_ACTION, sCode, sSummary);
|
|
end;
|
|
|
|
begin
|
|
if bInitPop then
|
|
InitPopup;
|
|
|
|
with SafeState_ do
|
|
begin
|
|
if not bIsPatchUptoDate and ((dwOsPatchPopupTick_ = 0) or
|
|
( IsOsPatchPopup30Min and ((GetTickCount - dwOsPatchPopupTick_) >= 1800000)) ) then // 30분 마다 팝업 추가 22_0609 08:36:30 kku
|
|
begin
|
|
dwOsPatchPopupTick_ := GetTickCount;
|
|
if gMgSvc.PrefModel.OsPatchCheck <> opcLog then
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_OS);
|
|
|
|
SendEventLog(STATUS_OS, 'Vulnerability : OS Patch');
|
|
// bIsPatchUptoDate_Pop_ := true;
|
|
end;
|
|
|
|
if not bIsPasswordSet and not bIsPasswordSet_Pop_ then
|
|
begin
|
|
bIsPasswordSet_Pop_ := true;
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_PW);
|
|
SendEventLog(STATUS_PASSWORD, 'Vulnerability : Password Empty');
|
|
end;
|
|
|
|
if not bIsPasswordSetTermOk and not bIsPasswordSetTermOk_Pop_ then
|
|
begin
|
|
bIsPasswordSetTermOk_Pop_ := true;
|
|
if gMgSvc.PrefModel.PwChkTerm <> pctLog then
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_PW_LAST_CHANGE);
|
|
SendEventLog(SYSEVT_AGENT_PWDEXPIRED, 'Vulnerability : Password Expire');
|
|
end;
|
|
|
|
if not bIsSafePersonalInfo and not bIsSafePersonalInfo_Pop_ then
|
|
begin
|
|
bIsSafePersonalInfo_Pop_ := true;
|
|
|
|
if gMgSvc.PrefModel.ScanBlockKind <> sbkLog then
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_SCAN);
|
|
SendEventLog(STATUS_SCANINFO, 'Vulnerability : PersonalInfo');
|
|
end;
|
|
|
|
if not bIsAvUptoDate and not bIsAvUptoDate_Pop_ then
|
|
begin
|
|
bIsAvUptoDate_Pop_ := true;
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_AV);
|
|
SendEventLog(STATUS_AV, 'Vulnerability : AV Update');
|
|
end;
|
|
|
|
if not bIsAvSet and not bIsAvSet_Pop_ then
|
|
begin
|
|
bIsAvSet_Pop_ := true;
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_AV);
|
|
SendEventLog(STATUS_AV, 'Vulnerability : AV');
|
|
end;
|
|
|
|
if not bIsFwSet and not bIsFwSet_Pop_ then
|
|
begin
|
|
bIsFwSet_Pop_ := true;
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_FW);
|
|
SendEventLog(STATUS_FW, 'Vulnerability : FW');
|
|
end;
|
|
|
|
if not bIsScreenSaverSet and not bIsScreenSaverSet_Pop_ then
|
|
begin
|
|
bIsScreenSaverSet_Pop_ := true;
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_SCREEN);
|
|
SendEventLog(STATUS_SCRNSAVER, 'Vulnerability : ScreenSaver');
|
|
end;
|
|
|
|
if not bIsAllowAccess and not bIsAllowAccess_Pop_ then
|
|
begin
|
|
bIsAllowAccess_Pop_ := true;
|
|
gMgSvc.PopupMessage(TYPE_MSG_VUL_ALLOWACCESS);
|
|
SendEventLog(STATUS_ACCESS_BLOCK, 'Vulnerability : Access Denied');
|
|
end;
|
|
|
|
if not bIsOsSafe and not bIsOsSafe_Pop_ then
|
|
begin
|
|
bIsOsSafe_Pop_ := true;
|
|
gMgSvc.PopupMessage(TYPE_MSG_OLD_WINDOWS);
|
|
|
|
// todo : OS 버전 취약 상태 전송
|
|
// gMgSvc.SendEventLog(URI_USER_ACTION, LOGCODE_EVENT_QNA, 'OS is not safe');
|
|
end;
|
|
end;
|
|
end;
|
|
|
|
procedure TVulnerabilityService.TryExitSafeMode(bForceDisconn: Boolean);
|
|
var
|
|
VpnList: TStringList;
|
|
i: Integer;
|
|
sList: String;
|
|
PO: TPrefModel;
|
|
begin
|
|
try
|
|
// todo : bForceDisconn 인자가 없어도 되는거 처리 24_0705 09:40:19 kku
|
|
if bForceDisconn then
|
|
begin
|
|
PO := gMgSvc.PrefModel;
|
|
|
|
// 음.... 보안모드 종료 동작 대기는 구현이 어려울거 같다 삭제 대기 24_0820 14:10:49 kku
|
|
// if dwUnsafeActionTick_ <> 0 then
|
|
// begin
|
|
// if ((GetTickCount - dwUnsafeActionTick_) < (PO.UnsafeActionsMin * 1000)) then
|
|
// exit;
|
|
// end else
|
|
// if PO.IsSecuEndActions and PO.IsUnsafeActions and (PO.UnsafeActionsMin > 0) then
|
|
// begin
|
|
// dwUnsafeActionTick_ := GetTickCount;
|
|
// exit;
|
|
// end;
|
|
//
|
|
// dwUnsafeActionTick_ := 0;
|
|
bIsForceDisconnect_ := true;
|
|
|
|
if PO.IsSecuEndActions and PO.UnsafeActions.Contains('app') then
|
|
begin
|
|
Guard(VpnList, TStringList.Create);
|
|
if SplitString(gMgSvc.VpnClient, ';', VpnList) > 0 then
|
|
for i := 0 to VpnList.Count - 1 do
|
|
TerminateProcessByName(VpnList[i]);
|
|
gMgSvc.IsVpnClientON := false;
|
|
|
|
sList := PO.VpnRcAppList;
|
|
if sList <> '' then
|
|
begin
|
|
if sList.Contains('zo') then
|
|
TerminateProcessByName('cpthost.exe');
|
|
if sList.Contains('we') then
|
|
TerminateProcessByName('ebexmta.exe');
|
|
if sList.Contains('wh') then
|
|
TerminateProcessByName('whale.exe');
|
|
if sList.Contains('cu') then
|
|
TerminateProcessByName('CMConf.exe');
|
|
end;
|
|
end;
|
|
end;
|
|
except
|
|
on E: Exception do
|
|
ETgException.TraceException(Self, E, 'Fail .. TryExitSafeMode()');
|
|
end;
|
|
end;
|
|
|
|
procedure TVulnerabilityService.SetDisconnect(bIsOn: Boolean; bForceDisconn: Boolean = true);
|
|
begin
|
|
if bIsOn then
|
|
begin
|
|
TryExitSafeMode(bForceDisconn);
|
|
|
|
// 초기화 해주는 부분이 없어서... 일단 여기에 추가 22_0425 08:37:11 kku
|
|
gMgSvc.ProcessVpnDisconnect;
|
|
end else
|
|
bIsForceDisconnect_ := false;
|
|
end;
|
|
|
|
procedure TVulnerabilityService.SetUseTempConn(bVal: Boolean);
|
|
begin
|
|
bUseTempConn_ := bVal;
|
|
end;
|
|
|
|
procedure TVulnerabilityService.InitPopup;
|
|
begin
|
|
dwOsPatchPopupTick_ := 0;
|
|
bIsPatchUptoDate_Pop_ := false;
|
|
bIsPasswordSet_Pop_ := false;
|
|
bIsPasswordSetTermOk_Pop_ := false;
|
|
bIsSafePersonalInfo_Pop_ := false;
|
|
bIsAvUptoDate_Pop_ := false;
|
|
bIsFwSet_Pop_ := false;
|
|
bIsScreenSaverSet_Pop_ := false;
|
|
bIsAllowAccess_Pop_ := false;
|
|
bIsOsSafe_Pop_ := false;
|
|
bUseTempConn_ := false;
|
|
end;
|
|
|
|
function TVulnerabilityService.CheckUnSafeState(aNewSafeState: TSafeState): Boolean;
|
|
begin
|
|
Result := true;
|
|
try
|
|
with SafeState_ do
|
|
begin
|
|
if bIsAllowAccess and not aNewSafeState.bIsAllowAccess then
|
|
begin
|
|
bIsAllowAccess_Pop_ := false;
|
|
exit;
|
|
end;
|
|
if bIsScreenSaverSet and not aNewSafeState.bIsScreenSaverSet then
|
|
begin
|
|
bIsScreenSaverSet_Pop_ := false;
|
|
exit;
|
|
end;
|
|
if bIsOsSafe and not aNewSafeState.bIsOsSafe then
|
|
begin
|
|
bIsOsSafe_Pop_ := false;
|
|
exit;
|
|
end;
|
|
if bIsAvUptoDate and not aNewSafeState.bIsAvUptoDate then
|
|
begin
|
|
bIsAvUptoDate_Pop_ := false;
|
|
exit;
|
|
end;
|
|
if bIsFwSet and not aNewSafeState.bIsFwSet then
|
|
begin
|
|
bIsFwSet_Pop_ := false;
|
|
exit;
|
|
end;
|
|
if bIsAvSet and not aNewSafeState.bIsAvSet then
|
|
begin
|
|
bIsAvSet_Pop_ := false;
|
|
exit;
|
|
end;
|
|
if bIsPatchUptoDate and not aNewSafeState.bIsPatchUptoDate then
|
|
begin
|
|
dwOsPatchPopupTick_ := 0;
|
|
// bIsPatchUptoDate_Pop_ := false;
|
|
exit;
|
|
end;
|
|
if bIsPasswordSet and not aNewSafeState.bIsPasswordSet then
|
|
begin
|
|
bIsPasswordSet_Pop_ := false;
|
|
exit;
|
|
end;
|
|
if bIsPasswordSetTermOk and not aNewSafeState.bIsPasswordSetTermOk then
|
|
begin
|
|
bIsPasswordSetTermOk_Pop_ := false;
|
|
exit;
|
|
end;
|
|
if bIsSafePersonalInfo and not aNewSafeState.bIsSafePersonalInfo then
|
|
begin
|
|
bIsSafePersonalInfo_Pop_ := false;
|
|
exit;
|
|
end;
|
|
end;
|
|
Result := false;
|
|
finally
|
|
SafeState_ := aNewSafeState;
|
|
end;
|
|
end;
|
|
|
|
//procedure TVulnerabilityService.SetPrintBlock(bVal: Boolean);
|
|
//begin
|
|
// if not bIsPrintBlock_ and bVal then
|
|
// gMgSvc.SendEventLog(URI_USERUPDATE, LOGCODE_PREVENT_PRINTER, 'Prevent Printer mode enabled');
|
|
// bIsPrintBlock_ := bVal;
|
|
//end;
|
|
|
|
procedure TVulnerabilityService.SetDefaultPortBlock(bVal: Boolean);
|
|
begin
|
|
if not bIsDefaultPortBlock_ and bVal then
|
|
gMgSvc.SendEventLog(URI_USERUPDATE, LOGCODE_PREVENT_PORT, 'Prevent Default Port mode enabled');
|
|
bIsDefaultPortBlock_ := bVal;
|
|
end;
|
|
|
|
end.
|