From f351e70fbdf72ec14f335aa74ad3e7f0bc6da5bc Mon Sep 17 00:00:00 2001
From: Christian Cleberg
Date: Tue, 6 May 2025 21:54:18 -0500
Subject: add and update READMEs (#7)
* add and update READMEs
* Commit from GitHub Actions (Ruff)
---------
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
---
README.md | 103 ------------------------------
README.org | 104 +++++++++++++++++++++++++++++++
databases/oracle/README.org | 81 ++++++++++++++++++++++++
databases/sql/README.org | 36 +++++++++++
databases/sql/passwords/data.csv | 9 ---
databases/sql/passwords/example_data.csv | 9 +++
databases/sql/passwords/get_data.sql | 30 ---------
databases/sql/passwords/passwords.py | 85 +++++++++++++++++++++++++
databases/sql/passwords/query.sql | 30 +++++++++
databases/sql/passwords/test.py | 80 ------------------------
10 files changed, 345 insertions(+), 222 deletions(-)
delete mode 100644 README.md
create mode 100644 README.org
create mode 100644 databases/oracle/README.org
create mode 100644 databases/sql/README.org
delete mode 100644 databases/sql/passwords/data.csv
create mode 100644 databases/sql/passwords/example_data.csv
delete mode 100644 databases/sql/passwords/get_data.sql
create mode 100644 databases/sql/passwords/passwords.py
create mode 100644 databases/sql/passwords/query.sql
delete mode 100644 databases/sql/passwords/test.py
diff --git a/README.md b/README.md
deleted file mode 100644
index 12eacc2..0000000
--- a/README.md
+++ /dev/null
@@ -1,103 +0,0 @@
-# Background
-
-I have been an auditor for years, starting with operational/financial
-audits and quickly transitioning to technology audits early in my
-career.
-
-While performing technology audits, attestations, etc., you will find
-that it requires a lot of manual effort if you don\'t use the right
-tools to automate as much as possible.
-
-This repository serves as my personal collection of audit tools that I
-want to save and re-use later.
-
-## Scope
-
-While I created the scripts and tools within this repository
-specifically for the applications I use, I am working to include
-edge-cases and niche tools as I can.
-
-For now, refer to the tree below for application coverage.
-
-```shell
-tree -I ".git*|venv"
-```
-
-```text
-.
-├── applications
-│   ├── github
-│   │   ├── github_admins.py
-│   │   ├── github_audit_log.py
-│   │   ├── github_branch_protections.py
-│   │   ├── github_commits.py
-│   │   └── README.org
-│   └── gitlab
-│   ├── approvals.py
-│   ├── branch_protections.py
-│   ├── passwords.py
-│   ├── pipelines.py
-│   ├── provisioning.py
-│   ├── README.org
-│   ├── repositories.py
-│   └── users.py
-├── CODEOWNERS
-├── databases
-│   ├── mongo
-│   │   ├── admins.py
-│   │   └── README.org
-│   ├── mysql
-│   │   ├── mysql_admins_alt.sql
-│   │   ├── mysql_admins.sql
-│   │   ├── passwords.sql
-│   │   └── README.org
-│   ├── oracle
-│   │   ├── oracle_admins_alt.sql
-│   │   └── oracle_admins.sql
-│   ├── postgres
-│   │   ├── admins.sql
-│   │   ├── passwords.sql
-│   │   └── README.org
-│   └── sql
-│   ├── admins.sql
-│   └── passwords
-│   ├── data.csv
-│   ├── get_data.sql
-│   └── test.py
-├── LICENSE
-├── os
-│   └── linux
-│   ├── passwords.sh
-│   ├── README.org
-│   └── ssh_root_login.sh
-├── project_management
-│   ├── alteryx
-│   │   └── project_email_reminders.yxmd
-│   ├── dash
-│   │   └── app.py
-│   └── powerbi
-│   └── project_dashboard
-│   ├── project_dashboard.pbix
-│   └── project_data.xlsx
-├── 
README.md
-├── requirements.txt
-└── sampling
- ├── README.org
- ├── sample.html
- ├── sample-html.png
- └── sample.py
-```
-
-# Development
-
-## Python
-
-For the Python scripts, use the following to activate a virtual
-environment for consistent packing:
-
-```shell
-python3 -m venv venv
-source ./venv/bin/activate
-pip install PACKAGE_NAME
-python3 ./PYTHON_SCRIPT.py
-```
diff --git a/README.org b/README.org
new file mode 100644
index 0000000..c30029b
--- /dev/null
+++ b/README.org
@@ -0,0 +1,104 @@
+* Background
+
+I have been an auditor for years, starting with operational/financial
+audits and quickly transitioning to technology audits early in my
+career.
+
+While performing technology audits, attestations, etc., you will find
+that it requires a lot of manual effort if you don't use the right tools
+to automate as much as possible.
+
+This repository serves as my personal collection of audit tools that I
+want to save and re-use later.
+
+** Scope
+
+While I created the scripts and tools within this repository
+specifically for the applications I use, I am working to include
+edge-cases and niche tools as I can.
+
+For now, refer to the tree below for application coverage.
+
+#+begin_src shell
+tree -I ".git*|venv"
+#+end_src
+
+#+begin_src text
+.
+├── applications
+│   ├── github
+│   │   ├── github_admins.py
+│   │   ├── github_audit_log.py
+│   │   ├── github_branch_protections.py
+│   │   ├── github_commits.py
+│   │   └── README.org
+│   └── gitlab
+│   ├── approvals.py
+│   ├── branch_protections.py
+│   ├── passwords.py
+│   ├── pipelines.py
+│   ├── provisioning.py
+│   ├── README.org
+│   ├── repositories.py
+│   └── users.py
+├── CODEOWNERS
+├── databases
+│   ├── mongo
+│   │   ├── admins.py
+│   │   └── README.org
+│   ├── mysql
+│   │   ├── mysql_admins_alt.sql
+│   │   ├── mysql_admins.sql
+│   │   ├── passwords.sql
+│   │   └── README.org
+│   ├── oracle
+│   │   ├── oracle_admins_alt.sql
+│   │   ├── oracle_admins.sql
+│   │   └── README.org
+│   ├── postgres
+│   │   ├── admins.sql
+│   │   ├── passwords.sql
+│   │   └── README.org
+│   └── sql
+│   ├── admins.sql
+│   ├── passwords
+│   │   ├── example_data.csv
+│   │   ├── passwords.py
+│   │   └── query.sql
+│   └── README.org
+├── LICENSE
+├── os
+│   └── linux
+│   ├── passwords.sh
+│   ├── README.org
+│   └── ssh_root_login.sh
+├── project_management
+│   ├── alteryx
+│   │   └── project_email_reminders.yxmd
+│   ├── dash
+│   │   └── app.py
+│   └── powerbi
+│   
└── project_dashboard
+│   ├── project_dashboard.pbix
+│   └── project_data.xlsx
+├── README.org
+├── requirements.txt
+└── sampling
+ ├── README.org
+ ├── sample.html
+ ├── sample-html.png
+ └── sample.py
+#+end_src
+
+* Development
+** Python
+
+For the Python scripts, use the following to activate a virtual
+environment for consistent packing:
+
+#+begin_src shell
+python3 -m venv venv
+source ./venv/bin/activate
+pip install PACKAGE_NAME
+python3 ./PYTHON_SCRIPT.py
+#+end_src
diff --git a/databases/oracle/README.org b/databases/oracle/README.org
new file mode 100644
index 0000000..f2bc680
--- /dev/null
+++ b/databases/oracle/README.org
@@ -0,0 +1,81 @@
+* =oracle_admins.sql=
+
+#+begin_src sql
+SELECT
+ grantee AS "User",
+ privilege AS "Privilege"
+FROM
+ dba_sys_privs
+WHERE
+ grantee IN (SELECT DISTINCT grantee FROM dba_sys_privs)
+UNION ALL
+SELECT
+ grantee AS "User",
+ privilege AS "Privilege"
+FROM
+ dba_tab_privs
+WHERE
+ grantee IN (SELECT DISTINCT grantee FROM dba_tab_privs);
+#+end_src
+
+#+begin_src text
+| User | Privilege |
+|----------+---------------------|
+| SCOTT | CREATE SESSION |
+| SCOTT | CREATE TABLE |
+| SCOTT | SELECT |
+| SCOTT | INSERT |
+| HR | CREATE SESSION |
+| HR | SELECT |
+| HR | INSERT |
+| HR | UPDATE |
+| SYS | CREATE USER |
+| SYS | GRANT ANY PRIVILEGE |
+| SYS | DROP USER |
+| SYSTEM | CREATE TABLESPACE |
+| SYSTEM | CREATE USER |
+| SYSTEM | ALTER USER |
+| SYSTEM | DROP USER |
+| APP_USER | SELECT ON EMPLOYEES |
+| APP_USER | INSERT ON EMPLOYEES |
+| APP_USER | UPDATE ON EMPLOYEES |
+#+end_src
+
+* =oracle_admins_alt.sql=
+
+#+begin_src sql
+SELECT ** FROM sys.dba_role_privs;
+SELECT ** FROM sys.dba_sys_privs;
+SELECT ** FROM sys.dba_tab_privs;
+SELECT ** FROM sys.dba_users;
+#+end_src
+
+#+begin_src text
+| Grantee | Granted_Role | Admin_Option |
+|----------+--------------+--------------|
+| SCOTT | DBA | NO |
+| HR | RESOURCE | YES |
+| APP_USER | DATA_ANALYST | NO |
+
+| Grantee | Privilege |
+|---------+---------------------|
+| SCOTT | CREATE SESSION |
+| HR | CREATE TABLE |
+| SYS | GRANT ANY PRIVILEGE |
+| SYSTEM | CREATE USER |
+
+| Grantee | Table_Name | Privilege |
+|----------+-------------+-----------|
+| SCOTT | EMPLOYEES | SELECT |
+| SCOTT | EMPLOYEES | INSERT |
+| HR | DEPARTMENTS | SELECT |
+| APP_USER | EMPLOYEES | UPDATE |
+
+| Username | Account_Status | Default_Tablespace | Temporary_Tablespace |
+|----------+----------------+--------------------+----------------------|
+| SCOTT | OPEN | USERS | TEMP |
+| HR | OPEN | USERS | TEMP |
+| SYS | OPEN | SYSTEM | TEMP |
+| SYSTEM | OPEN | SYSTEM | TEMP |
+| APP_USER | OPEN | USERS | TEMP |
+#+end_src
diff --git a/databases/sql/README.org b/databases/sql/README.org
new file mode 100644
index 0000000..b2a2285
--- /dev/null
+++ b/databases/sql/README.org
@@ -0,0 +1,36 @@
+* =admins.sql=
+
+#+begin_src sql
+:r admins.sql
+#+end_src
+
+,#+begin_src text
+| UserName | UserType | DatabaseUserName | Role | PermissionType | PermissionState | ObjectType | ObjectName | ColumnName |
+|-------------+--------------+------------------+-----------------+----------------+-----------------+----------------------+--------------------+------------|
+| SCOTT | SQL User | SCOTT | NULL | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL |
+| SCOTT | SQL User | SCOTT | NULL | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL |
+| HR | SQL User | HR | NULL | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL |
+| APP_USER | Windows User | APP_USER | ApplicationRole | SELECT | GRANT | VIEW | vw_EmployeeDetails | NULL |
+| APP_USER | Windows User | APP_USER | ApplicationRole | INSERT | GRANT | USER_TABLE | EMPLOYEES | NULL |
+| {All Users} | {All Users} | {All Users} | public | SELECT | GRANT | USER_TABLE | EMPLOYEES | NULL |
+| {All Users} | {All Users} | {All Users} | public | EXECUTE | GRANT | SQL_STORED_PROCEDURE | SP_GET_EMPLOYEE | NULL |
+#+end_src
+
+* =passwords.py=
+
+#+begin_src shell
+python passwords.py
+#+end_src
+
+#+begin_src text
+| Name | Type | Check Policy | Check Expiration | Reason |
+|-------+-----------+--------------+------------------+-----------------------------------------------------------------------------------------------------------------------------------------------|
+| user1 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. |
+| user2 | SQL_LOGIN | FAIL | FAIL | Password policy is not enforced. Password expiration is not enforced. |
+| user3 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. |
+| user4 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. 
|
+| user5 | SQL_LOGIN | PASS | FAIL | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is not enforced. |
+| user6 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. |
+| user7 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. |
+| user8 | SQL_LOGIN | PASS | PASS | Password policy is enforced. Reviewer to check the assigned policy. Password expiration is enforced. Reviewer to check the expiration policy. |
+#+end_src
diff --git a/databases/sql/passwords/data.csv b/databases/sql/passwords/data.csv
deleted file mode 100644
index fc925ea..0000000
--- a/databases/sql/passwords/data.csv
+++ /dev/null
@@ -1,9 +0,0 @@
-name,principal_id,sid,type,type_desc,is_disabled,create_date,modify_date,default_database_name,default_language_name,credential_id,is_policy_checked,is_expiration_checked,password_hash,IsMustChange,IsLocked,LockoutTime,PasswordLastSetTime,IsExpired,BadPasswordCount,BadPasswordTime,HistoryLength
-user1,1,,S,SQL_LOGIN,0,2023-01-15 10:35:00,2023-01-15 10:35:00,master,us_english,NULL,1,0,0x01004086CEB6772AE2356381B9B069D4E02C0185D5A06CFA3822,0,0,,2023-01-15 10:35:00,0,0,,5
-user2,267,,S,SQL_LOGIN,0,2023-02-20 20:49:00,2023-02-20 20:49:00,master,us_english,NULL,0,0,0x01003E3A7A6F88A8F548540ECB2043946AC2545120424CCD8782,1,0,,2023-02-20 20:49:00,0,1,2023-02-20 20:50:00,3
-user3,268,,S,SQL_LOGIN,0,2023-03-10 11:20:00,2023-03-10 11:20:00,secondary,us_english,NULL,1,0,0x010042516769FBC191A67840731CB36B41EFDACC97BE8264281F,0,0,,2023-03-10 11:20:00,0,0,,4
-user4,269,,S,SQL_LOGIN,0,2023-04-01 10:40:00,2023-04-01 11:32:00,secondary,us_english,NULL,1,0,0x01005F3B351B26E2DB7C7FD3C7ED02B3FD2EDC09BB2BF13DA3E5,0,1,2023-04-01 11:32:00,2023-04-01 10:40:00,0,3,2023-04-01 11:30:00,2
-user5,270,,S,SQL_LOGIN,0,2023-05-05 12:33:00,2023-05-05 12:33:00,master,us_english,NULL,1,0,0x0100AE15D55972BB3D6C6283921711CD4A208747888BEEFED71B,0,0,,2023-05-05 12:33:00,0,0,,6
-user6,272,,S,SQL_LOGIN,0,2023-06-15 11:46:00,2023-06-15 11:46:00,secondary,us_english,NULL,1,1,0x0100F12FAE790FCE0FF356A0948211AE4052653503E1BBC28FAB,0,0,,2023-06-15 11:46:00,0,0,,7
-user7,279,,S,SQL_LOGIN,0,2023-07-20 12:50:00,2023-07-20 12:50:00,secondary,us_english,NULL,1,1,0x01004856A222264E62219236AB6AC7E5B622F1E53D1CCA2AF9B8,0,0,,2023-07-20 12:50:00,0,0,,8
-user8,284,,S,SQL_LOGIN,0,2023-08-25 13:56:00,2023-08-25 13:56:00,master,us_english,NULL,1,1,0x0100723BEDBE69779CD3087C0E60AD69C33CC7E969F78DA2498A,0,0,,2023-08-25 13:56:00,0,0,,9
\ No newline at end of file
diff --git a/databases/sql/passwords/example_data.csv b/databases/sql/passwords/example_data.csv
new file mode 100644
index 0000000..fc925ea
--- /dev/null
+++ b/databases/sql/passwords/example_data.csv
@@ -0,0 +1,9 @@
+name,principal_id,sid,type,type_desc,is_disabled,create_date,modify_date,default_database_name,default_language_name,credential_id,is_policy_checked,is_expiration_checked,password_hash,IsMustChange,IsLocked,LockoutTime,PasswordLastSetTime,IsExpired,BadPasswordCount,BadPasswordTime,HistoryLength
+user1,1,,S,SQL_LOGIN,0,2023-01-15 10:35:00,2023-01-15 10:35:00,master,us_english,NULL,1,0,0x01004086CEB6772AE2356381B9B069D4E02C0185D5A06CFA3822,0,0,,2023-01-15 10:35:00,0,0,,5
+user2,267,,S,SQL_LOGIN,0,2023-02-20 20:49:00,2023-02-20 20:49:00,master,us_english,NULL,0,0,0x01003E3A7A6F88A8F548540ECB2043946AC2545120424CCD8782,1,0,,2023-02-20 20:49:00,0,1,2023-02-20 20:50:00,3
+user3,268,,S,SQL_LOGIN,0,2023-03-10 11:20:00,2023-03-10 11:20:00,secondary,us_english,NULL,1,0,0x010042516769FBC191A67840731CB36B41EFDACC97BE8264281F,0,0,,2023-03-10 11:20:00,0,0,,4
+user4,269,,S,SQL_LOGIN,0,2023-04-01 10:40:00,2023-04-01 11:32:00,secondary,us_english,NULL,1,0,0x01005F3B351B26E2DB7C7FD3C7ED02B3FD2EDC09BB2BF13DA3E5,0,1,2023-04-01 11:32:00,2023-04-01 10:40:00,0,3,2023-04-01 11:30:00,2
+user5,270,,S,SQL_LOGIN,0,2023-05-05 12:33:00,2023-05-05 12:33:00,master,us_english,NULL,1,0,0x0100AE15D55972BB3D6C6283921711CD4A208747888BEEFED71B,0,0,,2023-05-05 12:33:00,0,0,,6
+user6,272,,S,SQL_LOGIN,0,2023-06-15 11:46:00,2023-06-15 11:46:00,secondary,us_english,NULL,1,1,0x0100F12FAE790FCE0FF356A0948211AE4052653503E1BBC28FAB,0,0,,2023-06-15 11:46:00,0,0,,7
+user7,279,,S,SQL_LOGIN,0,2023-07-20 12:50:00,2023-07-20 12:50:00,secondary,us_english,NULL,1,1,0x01004856A222264E62219236AB6AC7E5B622F1E53D1CCA2AF9B8,0,0,,2023-07-20 12:50:00,0,0,,8
+user8,284,,S,SQL_LOGIN,0,2023-08-25 13:56:00,2023-08-25 13:56:00,master,us_english,NULL,1,1,0x0100723BEDBE69779CD3087C0E60AD69C33CC7E969F78DA2498A,0,0,,2023-08-25 13:56:00,0,0,,9
\ No newline at end of file
diff --git a/databases/sql/passwords/get_data.sql b/databases/sql/passwords/get_data.sql
deleted file mode 100644
index b5bef36..0000000
--- a/databases/sql/passwords/get_data.sql
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
-References:
-1. https://learn.microsoft.com/en-us/sql/relational-databases/security/password-policy
-2. https://learn.microsoft.com/en-us/sql/t-sql/functions/loginproperty-transact-sql
-*/
-
-SELECT
- name,
- principal_id,
- sid,
- type,
- type_desc,
- is_disabled,
- create_date,
- modify_date,
- default_database_name,
- default_language_name,
- credential_id,
- is_policy_checked,
- is_expiration_checked,
- password_hash,
- LOGINPROPERTY(name, 'IsMustChange') AS IsMustChange,
- LOGINPROPERTY(name, 'IsLocked') AS IsLocked,
- LOGINPROPERTY(name, 'LockoutTime') AS LockoutTime,
- LOGINPROPERTY(name, 'PasswordLastSetTime') AS PasswordLastSetTime,
- LOGINPROPERTY(name, 'IsExpired') AS IsExpired,
- LOGINPROPERTY(name, 'BadPasswordCount') AS BadPasswordCount,
- LOGINPROPERTY(name, 'BadPasswordTime') AS BadPasswordTime,
- LOGINPROPERTY(name, 'HistoryLength') AS HistoryLength
-FROM sys.sql_logins;
diff --git a/databases/sql/passwords/passwords.py b/databases/sql/passwords/passwords.py
new file mode 100644
index 0000000..eed41cc
--- /dev/null
+++ b/databases/sql/passwords/passwords.py
@@ -0,0 +1,85 @@
+"""
+Checks SQL Server user data for compliance with Windows policies.
+"""
+
+# Import packages
+import pandas as pd
+
+# Load the data into a pandas DataFrame
+df_input = pd.read_csv("./data.csv")
+
+
+# Function to apply rules and generate report
+def apply_rules_and_report(df):
+ """
+ Apply defined rules against the input data.
+
+ Parameters:
+ df (pandas.DataFrame): SQL login data
+
+ Returns:
+ report (list): List of dictionaries containing test results
+ """
+ report = []
+ for _, row in df.iterrows():
+ result = {
+ "Name": row["name"],
+ "Type Check": "",
+ "Policy Check": "",
+ "Expiration Check": "",
+ "Reason": "",
+ }
+
+ # Check the type_desc
+ if row["type_desc"] == "SQL_LOGIN":
+ result["Type Check"] = "SQL_LOGIN"
+ elif row["type_desc"] == "WINDOWS_LOGIN":
+ result["Type Check"] = "N/A"
+ result["Reason"] = "Refer to Windows password policy."
+ else:
+ result["Type Check"] = "Manual Review"
+ result["Reason"] = "Reviewer to manually review."
+
+ # Check if password policy is enforced
+ if row["is_policy_checked"] == 1:
+ result["Policy Check"] = "PASS"
+ result["Reason"] += """Password policy is enforced. Reviewer to
+ check the assigned policy."""
+ else:
+ result["Policy Check"] = "FAIL"
+ result["Reason"] += "Password policy is not enforced."
+
+ # Check if password expiration is enforced
+ if row["is_expiration_checked"] == 1:
+ result["Expiration Check"] = "PASS"
+ result["Reason"] += """Password expiration is enforced. Reviewer to
+ check the expiration policy."""
+ else:
+ result["Expiration Check"] = "FAIL"
+ result["Reason"] += "Password expiration is not enforced."
+
+ report.append(result)
+
+ return report
+
+
+# Main function to run the script
+def main():
+ """
+ Apply defined rules against the input data and print the results.
+ """
+ # Apply rules and generate report
+ report = apply_rules_and_report(df_input)
+ report_df = pd.DataFrame(report)
+
+ # Do not truncate output
+ pd.set_option("display.expand_frame_repr", True)
+ pd.set_option("display.width", 1000)
+ pd.set_option("display.max_colwidth", 1000)
+
+ # Print the report
+ print(report_df)
+
+
+if __name__ == "__main__":
+ main()
diff --git a/databases/sql/passwords/query.sql b/databases/sql/passwords/query.sql
new file mode 100644
index 0000000..b5bef36
--- /dev/null
+++ b/databases/sql/passwords/query.sql
@@ -0,0 +1,30 @@
+/*
+References:
+1. https://learn.microsoft.com/en-us/sql/relational-databases/security/password-policy
+2. https://learn.microsoft.com/en-us/sql/t-sql/functions/loginproperty-transact-sql
+*/
+
+SELECT
+ name,
+ principal_id,
+ sid,
+ type,
+ type_desc,
+ is_disabled,
+ create_date,
+ modify_date,
+ default_database_name,
+ default_language_name,
+ credential_id,
+ is_policy_checked,
+ is_expiration_checked,
+ password_hash,
+ LOGINPROPERTY(name, 'IsMustChange') AS IsMustChange,
+ LOGINPROPERTY(name, 'IsLocked') AS IsLocked,
+ LOGINPROPERTY(name, 'LockoutTime') AS LockoutTime,
+ LOGINPROPERTY(name, 'PasswordLastSetTime') AS PasswordLastSetTime,
+ LOGINPROPERTY(name, 'IsExpired') AS IsExpired,
+ LOGINPROPERTY(name, 'BadPasswordCount') AS BadPasswordCount,
+ LOGINPROPERTY(name, 'BadPasswordTime') AS BadPasswordTime,
+ LOGINPROPERTY(name, 'HistoryLength') AS HistoryLength
+FROM sys.sql_logins;
diff --git a/databases/sql/passwords/test.py b/databases/sql/passwords/test.py
deleted file mode 100644
index 81c1138..0000000
--- a/databases/sql/passwords/test.py
+++ /dev/null
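Review bot: `df_input = pd.read_csv("./data.csv")` near the top of passwords.py still names `data.csv`, but this commit deletes that file and adds the same content as `example_data.csv`, so `python passwords.py` as shown in the new databases/sql/README.org will presumably fail with a missing-file error unless the auditor drops their own export in place. Either point it at `"./example_data.csv"` or take the path from `sys.argv` and do the read inside `main()`, so that importing the module performs no file I/O. The relative path is resolved against the working directory, not the script's folder, which deserves a one-line comment: `# expects the query.sql export as CSV in the current directory`.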
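Review bot: `password_hash` is in the select list, so every export of this query writes the logins' password hashes into a CSV, while `apply_rules_and_report` in passwords.py reads only `name`, `type_desc`, `is_policy_checked` and `is_expiration_checked`. Dropping the `password_hash,` line keeps credential material out of audit evidence that gets copied into workpapers; if the reviewer needs to know whether a password is set at all, `CASE WHEN password_hash IS NULL THEN 0 ELSE 1 END AS HasPassword` carries that without the hash. The committed example_data.csv has the same column and would need the matching change. The file content is unchanged from get_data.sql, so this predates the rename.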
@@ -1,80 +0,0 @@
-"""
-Checks SQL Server user data for compliance with Windows policies.
-"""
-
-# Import packages
-import pandas as pd
-
-# Load the data into a pandas DataFrame
-df_input = pd.read_csv("./data.csv")
-
-
-# Function to apply rules and generate report
-def apply_rules_and_report(df):
- """
- Apply defined rules against the input data.
-
- Parameters:
- df (pandas.DataFrame): SQL login data
-
- Returns:
- report (list): List of dictionaries containing test results
- """
- report = []
- for _, row in df.iterrows():
- result = {
- "Name": row["name"],
- "Type Check": "",
- "Policy Check": "",
- "Expiration Check": "",
- "Reason": "",
- }
-
- # Check the type_desc
- if row["type_desc"] == "SQL_LOGIN":
- result["Type Check"] = "SQL_LOGIN"
- elif row["type_desc"] == "WINDOWS_LOGIN":
- result["Type Check"] = "N/A"
- result["Reason"] = "Refer to Windows password policy."
- else:
- result["Type Check"] = "Manual Review"
- result["Reason"] = "Reviewer to manually review."
-
- # Check if password policy is enforced
- if row["is_policy_checked"] == 1:
- result["Policy Check"] = "PASS"
- result["Reason"] += """Password policy is enforced. Reviewer to
- check the assigned policy."""
- else:
- result["Policy Check"] = "FAIL"
- result["Reason"] += "Password policy is not enforced."
-
- # Check if password expiration is enforced
- if row["is_expiration_checked"] == 1:
- result["Expiration Check"] = "PASS"
- result["Reason"] += """Password expiration is enforced. Reviewer to
- check the expiration policy."""
- else:
- result["Expiration Check"] = "FAIL"
- result["Reason"] += "Password expiration is not enforced."
-
- report.append(result)
-
- return report
-
-
-# Main function to run the script
-def main():
- """
- Apply defined rules against the input data and print the results.
- """
- # Apply rules and generate report
- report = apply_rules_and_report(df_input)
- report_df = pd.DataFrame(report)
-
- # Print the report
- print(report_df)
-
-
-if __name__ == "__main__":
- main()
-- cgit v1.2.3-70-g09d2