Merge pull request #24 from fn20200323/master

phifogg · web-flow · commit b2eaebc3ce27 · 2021-10-20T11:08:46.000+02:00
Check for inactive admin users
diff --git a/README.md b/README.md
@@ -115,6 +115,9 @@ Improper use of eval() opens up your code for injection attacks and difficulties
 ### Do not use gr as a variable name
 The platform is Javascript and a lot of code is run in a global variable scope. A "gr" defined in one business rule can clobber another "gr" defined in some other script.
 
+### Admins not logged in for 1 month
+Monitor users with role `admin` (not locked out) that are not logged for longer than 1 month
+
 ## Category: User Experience
 
 
diff --git a/scan_table_check_22a8ebad2fd3301036c51e282799b6b4.xml b/scan_table_check_22a8ebad2fd3301036c51e282799b6b4.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<unload unload_date="2021-10-19 22:38:23">
+<scan_table_check action="INSERT_OR_UPDATE">
+<active>true</active>
+<advanced>false</advanced>
+<category>security</category>
+<conditions table="sys_user">locked_out=false^roles=admin^last_login_timeRELATIVELT@month@ago@1^ORlast_login_timeISEMPTY^EQ<item goto="false" or="false" field="locked_out" endquery="false" value="false" operator="=" newquery="false"/>
+<item goto="false" or="false" field="roles" endquery="false" value="admin" operator="=" newquery="false"/>
+<item goto="false" or="false" field="last_login_time" endquery="false" value="LT@month@ago@1" operator="RELATIVE" newquery="false"/>
+<item goto="false" or="true" field="last_login_time" endquery="false" value="" operator="ISEMPTY" newquery="false"/>
+<item goto="false" or="false" field="" endquery="true" value="" operator="=" newquery="false"/>
+</conditions>
+<description/>
+<documentation_url/>
+<finding_type>scan_finding</finding_type>
+<name>Admins not logged in for 1 month</name>
+<priority>2</priority>
+<resolution_details/>
+<run_condition/>
+<score_max>100</score_max>
+<score_min>0</score_min>
+<score_scale>1</score_scale>
+<script><![CDATA[(function (engine) {
+
+    // Add your code here
+
+})(engine);]]></script>
+<short_description>List users with admin role that were inactive for at least 1 month</short_description>
+<sys_class_name>scan_table_check</sys_class_name>
+<sys_created_by>admin</sys_created_by>
+<sys_created_on>2021-10-19 21:45:37</sys_created_on>
+<sys_id>22a8ebad2fd3301036c51e282799b6b4</sys_id>
+<sys_mod_count>1</sys_mod_count>
+<sys_name>Admins not logged in for 1 month</sys_name>
+<sys_package display_value="Global" source="global">global</sys_package>
+<sys_policy/>
+<sys_scope display_value="Global">global</sys_scope>
+<sys_update_name>scan_table_check_22a8ebad2fd3301036c51e282799b6b4</sys_update_name>
+<sys_updated_by>admin</sys_updated_by>
+<sys_updated_on>2021-10-19 22:36:47</sys_updated_on>
+<table>sys_user</table>
+<use_manifest>false</use_manifest>
+</scan_table_check>
+</unload>
