#To define a particular parameter, replace the 'parameterName' inside itsm.getParameter('parameterName') with that parameter's name
import os
import re
import filecmp
import difflib
import sys
import ctypes
# Security-log event ID to watch. 4624 is the Windows ID for a successful
# logon (4625 is the failed-logon ID).
# NOTE(review): the "logon failed" message printed at the end of this script
# does not match 4624 -- confirm which event is intended.
Eventid = 4624
# Account whose logon events are tracked between runs.
AccountName = "VulnerabilityScanner"

# Working directory holding the snapshots that are diffed between runs.
# NOTE(review): these snapshots are the baseline for alerting, so confirm the
# directory ACL keeps non-administrative users from creating or editing files
# here -- a modified login_old.txt would hide events from the comparison.
workdir = os.environ['PROGRAMDATA'] + r'\c1_temp'
save_path = workdir
if not os.path.exists(save_path):
    os.makedirs(save_path)



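def eventid():
    """Return the Security-log entries for AccountName with ID Eventid.

    Runs ``Get-EventLog`` through PowerShell and returns its raw text
    output. The module-level ``AccountName`` and ``Eventid`` values are
    validated before they are placed in the command line.

    Raises:
        ValueError: if ``AccountName`` contains characters outside the
            allowed set, or ``Eventid`` cannot be converted to an integer.
    """
    class disable_file_system_redirection:
        """Context manager that turns off WOW64 file-system redirection."""
        _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
        _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection

        def __enter__(self):
            self.old_value = ctypes.c_long()
            self.success = self._disable(ctypes.byref(self.old_value))

        def __exit__(self, type, value, traceback):
            # Only revert when the disable call reported success.
            if self.success:
                self._revert(self.old_value)

    # Both values end up inside a shell command line and a regular
    # expression, so accept only a conservative character set instead of
    # interpolating whatever the script was configured with.
    account = str(AccountName)
    if not re.match(r'[A-Za-z0-9_. -]+\Z', account):
        raise ValueError(
            "AccountName contains unsupported characters: %r" % (account,))
    event_id = int(Eventid)
    # '.' is the only allowed character that is special in a regex.
    pattern = account.replace('.', r'\.')

    # The pattern is single-quoted so it stays a PowerShell string literal
    # regardless of how the outer double quotes are processed on the
    # command line.
    query = (r"Get-EventLog -log Security"
             r" | Where {$_.message -match 'Account Name:\s*%s'}"
             r" | Where {$_.eventid -eq %d}") % (pattern, event_id)

    # The execution policy is applied to this one PowerShell process via
    # -ExecutionPolicy rather than with Set-ExecutionPolicy, so the host's
    # configured policy is left unchanged by a read-only monitoring job.
    command = ('powershell.exe -NoProfile -NonInteractive '
               '-ExecutionPolicy RemoteSigned -Command "%s"' % query)

    with disable_file_system_redirection():
        print(command)
        logs = os.popen(command).read()

    return logs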

flag = 0
fnd2 = 0
# Report file that collects the entries found to be new in this run.
out = save_path + "\\Output.txt"
event = eventid()

# Split the raw output on blank lines, drop empty chunks, and lower-case
# each remaining chunk before it is stored.
login_event = [
    chunk.strip().lower()
    for chunk in event.split("\n\n")
    if chunk.strip()
]

def alert(arg):
    """Write the integer *arg* three times, back to back, to stderr.

    For example ``alert(1)`` emits ``111`` with no trailing newline.
    """
    marker = "%d%d%d" % ((arg,) * 3)
    sys.stderr.write(marker)
def files():
    """Write this run's snapshot, or seed the baseline on first use.

    Returns:
        1 if ``login_old.txt`` is already listed in ``save_path``; every
        entry of ``login_event`` is then written to ``login_new.txt``,
        each followed by a newline.
        2 if it is not listed; ``login_old.txt`` is then created holding a
        single newline.
    """
    baseline_name = "login_old.txt"
    if baseline_name not in os.listdir(save_path):
        # No baseline yet: create a placeholder so a later call can diff.
        with open(os.path.join(save_path, baseline_name), "w") as seed:
            seed.write('\n')
        return 2

    with open(os.path.join(save_path, "login_new.txt"), "w") as snapshot:
        for entry in login_event:
            snapshot.write(str(entry) + '\n')
    return 1
def swchanges():
    """Append lines found only in the new snapshot to the report file.

    Compares ``login_new.txt`` with ``login_old.txt`` line by line using
    ``difflib.Differ`` and appends every diff line that starts with ``-``
    to ``out``, below a header that is always written.

    Returns:
        1 if at least one such line was written, otherwise 0.
    """
    new_path = save_path + "\\login_new.txt"
    old_path = save_path + "\\login_old.txt"

    with open(new_path) as new_file:
        new_lines = new_file.read().splitlines(True)
    with open(old_path) as old_file:
        old_lines = old_file.read().splitlines(True)

    # The new snapshot is the first sequence, so '-' marks lines that are
    # in it but not in the old baseline.
    delta = difflib.Differ().compare(new_lines, old_lines)
    added = [row for row in delta if row[0] == '-']

    with open(out, 'a+') as report:
        report.write("\n********** Newly Added Event logs***********\n")
        for row in added:
            report.write(row)

    return 1 if added else 0
def remove():
    """Promote the new snapshot to baseline and delete the report file."""
    baseline = save_path + "\\login_old.txt"
    latest = save_path + "\\login_new.txt"
    # The old baseline is deleted before the rename because os.rename on
    # Windows fails when the destination already exists.
    os.remove(baseline)
    os.rename(latest, baseline)
    os.remove(save_path + "\\Output.txt")
ki = files()
if ki == 2:
    # First run: files() only seeded the baseline. Write the placeholder
    # again and call files() a second time so login_new.txt gets produced.
    # Every entry currently in the log is then reported as new.
    with open(os.path.join(save_path, "login_old.txt"), "w") as seed:
        seed.write('\n')
    ki = files()

s = swchanges()
if s != 0:
    # Echo the report, then emit the "111" marker on stderr.
    with open(out, 'r') as report:
        for i in report:
            print(i)
    alert(1)
else:
    # NOTE(review): the wording says "logon failed" although the event ID
    # configured at the top of the script is 4624 -- confirm the intent.
    print("No new event for logon failed")
    alert(0)

# Rotate the snapshots and clear the report for the next run.
v = remove()
