{"id":64,"date":"2008-04-10T10:28:03","date_gmt":"2008-04-10T14:28:03","guid":{"rendered":"http:\/\/www.dev-notes.com\/blog\/2008\/04\/10\/directory-security-audit\/"},"modified":"2018-03-30T12:06:36","modified_gmt":"2018-03-30T16:06:36","slug":"directory-security-audit","status":"publish","type":"post","link":"https:\/\/www.dev-notes.com\/blog\/2008\/04\/10\/directory-security-audit\/","title":{"rendered":"Directory security audit"},"content":{"rendered":"<p>First, we will have to add the proper namespaces to our project.<\/p>\n<pre class=\"code\">\r\nusing System.IO; \/\/ Directory\r\nusing System.Security.Principal;\r\nusing System.Security.AccessControl;\r\n<\/pre>\n<p>Next, we will write a recursive function to traverse the directories in a given parent folder.<\/p>\n<pre class=\"code\">\r\nprivate void TraverseDirectories(string srcDir)\r\n{\r\n\tstring[] subdirEntries = Directory.GetDirectories(srcDir);\r\n\r\n\t\/\/ Audit each subdirectory, then recurse into it\r\n\tforeach (string subDir in subdirEntries)\r\n\t{\r\n\t\tGetDirSecurity(subDir);\r\n\t\tTraverseDirectories(subDir);\r\n\t}\r\n}\r\n<\/pre>\n<p>You will see that in our foreach loop, we call the GetDirSecurity function for each subdirectory.  Let&#8217;s take a look at what that function does.<\/p>\n<pre class=\"code\">\r\nprivate void GetDirSecurity(string srcDir)\r\n{\r\n\ttry\r\n\t{\r\n\t\t\/\/ Read only the access rules (DACL) for this directory\r\n\t\tDirectorySecurity ds = Directory.GetAccessControl(srcDir, AccessControlSections.Access);\r\n\t\t\/\/ Include explicit and inherited rules; return identities as NTAccount names\r\n\t\tAuthorizationRuleCollection arc = ds.GetAccessRules(true, true, typeof(NTAccount));\r\n\r\n\t\tforeach (FileSystemAccessRule fsar in arc)\r\n\t\t{\r\n\t\t\t\/*\r\n\t\t\tHANDLE OUTPUT HERE\r\n\t\t\tfsar.IdentityReference.Value;\r\n\t\t\tfsar.FileSystemRights.ToString();\r\n\t\t\tfsar.AccessControlType.ToString();\r\n\t\t\tfsar.IsInherited.ToString();\r\n\t\t\t*\/\r\n\t\t}\r\n\t}\r\n\tcatch (Exception e)\r\n\t{\r\n\t\t\/\/HANDLE EXCEPTION\r\n\t}\r\n}\r\n<\/pre>\n<p>In the GetDirSecurity function, we pass in the directory whose security we wish to view.  
It creates a directory security object, then creates a collection of rules from that object.  We then loop through the collection and view the rules on the directory object.  Enjoy!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I was selected for the task of auditing permissions and security on our file system so that we could analyze current practices and plan for potential new implementations.  Since the file system was so big, it didn&#8217;t make sense to go through folder by folder.  I wrote this simple program in C#.NET to traverse directories and view the permissions on them.<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-64","post","type-post","status-publish","format-standard","hentry","category-c"],"_links":{"self":[{"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/posts\/64","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/comments?post=64"}],"version-history":[{"count":1,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/posts\/64\/revisions"}],"predecessor-version":[{"id":226,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/posts\/64\/revisions\/226"}],"wp:attachment":[{"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/media?parent=64"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/categories?post=64"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dev-notes.com\/blog\/wp-json\/wp\/v2\/tags?post=64"}],"curies":[{"n
ame":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}