cargo fmt --all

2020-09-25 21:46:40 +09:00
parent 8b3ce3e071
commit d42276ada9
8 changed files with 69 additions and 78 deletions
--- a/src/detections/security.rs
+++ b/src/detections/security.rs
@@ -1,5 +1,5 @@
-use std::collections::HashMap;
 use crate::models::event;
+use std::collections::HashMap;

 #[derive(Debug)]
 pub struct Security {
@@ -11,7 +11,7 @@ pub struct Security {

 impl Security {
    pub fn new() -> Security {
-        Security{
+        Security {
            alert_all_admin: 0,
            total_admin_logons: 0,
            admin_logons: HashMap::new(),
@@ -27,8 +27,12 @@ impl Security {
        }
    }

-    pub fn detection(&mut self, event_id: String, system: &event::System, event_data: HashMap<String, String>) {
-    
+    pub fn detection(
+        &mut self,
+        event_id: String,
+        system: &event::System,
+        event_data: HashMap<String, String>,
+    ) {
        if event_id == "4672" {
            &self.se_debug_privilege(event_data);
        }
@@ -38,12 +42,10 @@ impl Security {
    // Special privileges assigned to new logon (possible admin access)
    //
    fn se_debug_privilege(&mut self, event_data: HashMap<String, String>) {
-    
        match event_data.get("PrivilegeList") {
            Some(privileage_list) => {
                match privileage_list.find("SeDebugPrivilege") {
                    Some(_data) => {
-    
                        // alert_all_adminが有効であれば、標準出力して知らせる
                        // DeepBlueCLIでは必ず0になっていて、基本的には表示されない。
                        if self.alert_all_admin == 1 {
@@ -53,39 +55,43 @@ impl Security {
                            println!("User SID:{}", event_data["SubjectUserSid"]);
                            println!("Domain:{}", event_data["PrivilegeList"]);
                        }
-    
+
                        self.total_admin_logons += 1;
-    
+
                        // admin_logons配列にusernameが含まれているか確認
                        match self.admin_logons.get(&event_data["SubjectUserName"]) {
                            Some(sid) => {
                                // 含まれていれば、マルチユーザが管理者としてログインしているか確認
                                // マルチログオンのデータをセット
-                                if event_data["SubjectUserName"] != event_data["SubjectUserSid"] { // One username with multiple admin logon SIDs 
-                                    self.multiple_admin_logons.insert(event_data["SubjectUserName"].to_string(),1);
-                                    
+                                if event_data["SubjectUserName"] != event_data["SubjectUserSid"] {
+                                    // One username with multiple admin logon SIDs
+                                    self.multiple_admin_logons
+                                        .insert(event_data["SubjectUserName"].to_string(), 1);
+
                                    let mut count_hash: HashMap<String, i32> = HashMap::new();
-                                    count_hash.insert(event_data["SubjectUserSid"].to_string(), sid[&event_data["SubjectUserSid"]] + 1);
-                                    self.admin_logons.insert(event_data["SubjectUserName"].to_string(), count_hash);
+                                    count_hash.insert(
+                                        event_data["SubjectUserSid"].to_string(),
+                                        sid[&event_data["SubjectUserSid"]] + 1,
+                                    );
+                                    self.admin_logons.insert(
+                                        event_data["SubjectUserName"].to_string(),
+                                        count_hash,
+                                    );
                                }
-                            },
+                            }
                            None => {
                                // admin_logons配列にセットUserNameとSIDとカウンタをセット
                                let mut count_hash: HashMap<String, i32> = HashMap::new();
                                count_hash.insert(event_data["SubjectUserSid"].to_string(), 1);
-                                self.admin_logons.insert(event_data["SubjectUserName"].to_string(), count_hash);
-                                
+                                self.admin_logons
+                                    .insert(event_data["SubjectUserName"].to_string(), count_hash);
                            }
                        }
-                    },
+                    }
                    None => (),
                }
-            },
+            }
            None => (),
-            
        }
-        
    }
-
 }
-