id: shutdown-without-logon-allowed

info:
  name: System Allows Shutdown Without Logging On
  author: princechaddha
  severity: medium
  description: Checks if the system allows shutdown without logging on, which could lead to denial-of-service attacks.
  impact: |
    Allowing shutdown without logging on can result in denial-of-service or unauthorized shutdown of the system.
  remediation: |
    Restrict system shutdown to logged-in users to prevent unauthorized access.
  tags: windows,shutdown,logon,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'ShutdownWithoutLogon'

    matchers:
      - type: word
        words:
          - "shutdownwithoutlogon : 1"
# digest: 4a0a0047304502203dc0310df6f3f545cf9d6f636bb208cbba9063e77a4cf923c6f42d8d0ec65487022100e7d0ad69baa36f21564db18a402cc7101512821e2dc27fbf23503bae8c8ae369:922c64590222798bb761d5b6d8e72950