commit 16532170de6d081fd4674352aaab7bb40d30691d
Author: Eric Kohl <eric.kohl(a)reactos.org>
AuthorDate: Sat Jan 2 21:18:18 2021 +0100
Commit: Eric Kohl <eric.kohl(a)reactos.org>
CommitDate: Sat Jan 2 21:18:18 2021 +0100
[SYSSETUP][INF] Add event log settings to the default security settings and apply them
on setup
---
dll/win32/syssetup/security.c | 148 ++++++++++++++++++++++++++++++++++++++++++
media/inf/defltwk.inf | 18 +++++
2 files changed, 166 insertions(+)
diff --git a/dll/win32/syssetup/security.c b/dll/win32/syssetup/security.c
index aeba7229bac..0bf4167ebc0 100644
--- a/dll/win32/syssetup/security.c
+++ b/dll/win32/syssetup/security.c
@@ -586,6 +586,150 @@ ApplyRegistryValues(
}
+static
+VOID
+ApplyEventlogSettings(
+ _In_ HINF hSecurityInf,
+ _In_ PWSTR pszSectionName,
+ _In_ PWSTR pszLogName)
+{
+ INFCONTEXT InfContext;
+ HKEY hServiceKey = NULL, hLogKey = NULL;
+ DWORD dwValue, dwError;
+ BOOL bValueSet;
+
+ DPRINT("ApplyEventlogSettings(%p %S %S)\n",
+ hSecurityInf, pszSectionName, pszLogName);
+
+ dwError = RegCreateKeyExW(HKEY_LOCAL_MACHINE,
+
L"System\\CurrentControlSet\\Services\\Eventlog",
+ 0,
+ NULL,
+ REG_OPTION_NON_VOLATILE,
+ KEY_WRITE,
+ NULL,
+ &hServiceKey,
+ NULL);
+ if (dwError != ERROR_SUCCESS)
+ {
+ DPRINT1("Failed to create the Eventlog Service key (Error %lu)\n",
dwError);
+ return;
+ }
+
+ dwError = RegCreateKeyExW(hServiceKey,
+ pszLogName,
+ 0,
+ NULL,
+ REG_OPTION_NON_VOLATILE,
+ KEY_WRITE,
+ NULL,
+ &hLogKey,
+ NULL);
+ if (dwError != ERROR_SUCCESS)
+ {
+ DPRINT1("Failed to create the key %S (Error %lu)\n", pszLogName,
dwError);
+ RegCloseKey(hServiceKey);
+ return;
+ }
+
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"MaximumLogSize",
+ &InfContext))
+ {
+ DPRINT("MaximumLogSize\n");
+ dwValue = 0;
+ SetupGetIntField(&InfContext,
+ 1,
+ (PINT)&dwValue);
+
+ DPRINT("MaximumLogSize: %lu (kByte)\n", dwValue);
+ if (dwValue >= 64 && dwValue <= 4194240)
+ {
+ dwValue *= 1024;
+
+ DPRINT("MaxSize: %lu\n", dwValue);
+ RegSetValueEx(hLogKey,
+ L"MaxSize",
+ 0,
+ REG_DWORD,
+ (LPBYTE)&dwValue,
+ sizeof(dwValue));
+ }
+ }
+
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"AuditLogRetentionPeriod",
+ &InfContext))
+ {
+ bValueSet = FALSE;
+ dwValue = 0;
+ SetupGetIntField(&InfContext,
+ 1,
+ (PINT)&dwValue);
+ if (dwValue == 0)
+ {
+ bValueSet = TRUE;
+ }
+ else if (dwValue == 1)
+ {
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"RetentionDays",
+ &InfContext))
+ {
+ SetupGetIntField(&InfContext,
+ 1,
+ (PINT)&dwValue);
+ dwValue *= 86400;
+ bValueSet = TRUE;
+ }
+ }
+ else if (dwValue == 2)
+ {
+ dwValue = (DWORD)-1;
+ bValueSet = TRUE;
+ }
+
+ if (bValueSet)
+ {
+ DPRINT("Retention: %lu\n", dwValue);
+ RegSetValueEx(hLogKey,
+ L"Retention",
+ 0,
+ REG_DWORD,
+ (LPBYTE)&dwValue,
+ sizeof(dwValue));
+ }
+ }
+
+ if (SetupFindFirstLineW(hSecurityInf,
+ pszSectionName,
+ L"RestrictGuestAccess",
+ &InfContext))
+ {
+ dwValue = 0;
+ SetupGetIntField(&InfContext,
+ 1,
+ (PINT)&dwValue);
+ if (dwValue == 0 || dwValue == 1)
+ {
+ DPRINT("RestrictGuestAccess: %lu\n", dwValue);
+ RegSetValueEx(hLogKey,
+ L"RestrictGuestAccess",
+ 0,
+ REG_DWORD,
+ (LPBYTE)&dwValue,
+ sizeof(dwValue));
+ }
+ }
+
+ RegCloseKey(hLogKey);
+ RegCloseKey(hServiceKey);
+}
+
+
VOID
InstallSecurity(VOID)
{
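Review bot: In the `AuditLogRetentionPeriod == 1` branch the `RetentionDays` field is consumed without checking the `SetupGetIntField` result or the value's range, so a missing or non-numeric field leaves `dwValue` at 1 and silently writes `Retention = 86400`, while a negative or oversized field wraps in `dwValue *= 86400` (unsigned DWORD arithmetic) and stores an arbitrary retention period. The `MaximumLogSize` block above already guards its value with a range check, and the same pattern fits here, e.g. `if (SetupGetIntField(&InfContext, 1, (PINT)&dwValue) && dwValue >= 1 && dwValue <= 365)` before the multiplication (the 1–365 day range is what Windows security templates accept for this setting — confirm against the reference), with `bValueSet = TRUE` only inside that branch. The other two `SetupGetIntField` calls also ignore their return value, though their `dwValue = 0` preset plus the following range checks keep a failed read from writing anything. The `RegSetValueEx` results are dropped as well; a `DPRINT1` on failure would make a silently unapplied log policy visible at setup time. `ApplyEventlogSettings` lies wholly inside this hunk; the `InstallSecurity` body that begins at its end continues outside it.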
@@ -608,6 +752,10 @@ InstallSecurity(VOID)
InstallPrivileges(hSecurityInf);
ApplyRegistryValues(hSecurityInf);
+ ApplyEventlogSettings(hSecurityInf, L"Application Log",
L"Application");
+ ApplyEventlogSettings(hSecurityInf, L"Security Log",
L"Security");
+ ApplyEventlogSettings(hSecurityInf, L"System Log",
L"System");
+
SetupCloseInfFile(hSecurityInf);
}
diff --git a/media/inf/defltwk.inf b/media/inf/defltwk.inf
index 29651c2f74c..d23b0d861ea 100644
--- a/media/inf/defltwk.inf
+++ b/media/inf/defltwk.inf
@@ -4,6 +4,24 @@
[Version]
Signature = "$Windows NT$"
+[Application Log]
+MaximumLogSize = 512
+AuditLogRetentionPeriod = 1
+RetentionDays = 7
+RestrictGuestAccess = 1
+
+[Security Log]
+MaximumLogSize = 512
+AuditLogRetentionPeriod = 1
+RetentionDays = 7
+RestrictGuestAccess = 1
+
+[System Log]
+MaximumLogSize = 512
+AuditLogRetentionPeriod = 1
+RetentionDays = 7
+RestrictGuestAccess = 1
+
[Privilege Rights]
SeAssignPrimaryTokenPrivilege = *S-1-5-19, *S-1-5-20
SeAuditPrivilege = *S-1-5-19, *S-1-5-20