
dsc_cisconfigurations's Introduction

DSC_CISConfigurations

Repo for CIS hardening based on CIS standards

Feedback

This project is an experiment that has the possibility to grow into something great. We can't do that without great feedback from you. If you have an idea or find a bug, join the discussions in the issues or create a new issue.

Limitations

Currently, I am not aware of any limitations of this code.

License

DSC_CISConfigurations is licensed under the MIT License.

Maintainers

John de Jager - @johnde_jager

Code of Conduct

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

dsc_cisconfigurations's People

Contributors

johndejager


dsc_cisconfigurations's Issues

License

First of all, I would like to thank you for your tough work. The resulting DSC script is pretty much awesome, clear and very easy to read.

Would you mind setting up some kind of license for your repository?

BTW, the missing features in SecurityPolicyDsc have already been implemented. I will try to update it and create a proper PR.

Help required with DSC configs

Hi,

I have machines which are not domain-joined, and I have the DSC config file below:

UserRightsAssignment Adjustmemoryquotasforaprocess {
    Policy   = 'Adjust_memory_quotas_for_a_process'
    Identity = 'Administrators, LOCAL SERVICE, NETWORK SERVICE'
}

UserRightsAssignment Changethesystemtime {
    Policy   = 'Change_the_system_time'
    Identity = 'Administrators,LOCAL SERVICE'
}

UserRightsAssignment Changethetimezone {
    Policy   = 'Change_the_time_zone'
    Identity = 'Administrators,LOCAL SERVICE'
}

UserRightsAssignment Createglobalobjects {
    Policy   = 'Create_global_objects'
    Identity = 'Administrators,LOCAL SERVICE, NETWORK SERVICE, SERVICE'
}

UserRightsAssignment Generatesecurityaudits {
    Policy   = 'Generate_security_audits'
    Identity = 'LOCAL SERVICE,NETWORK SERVICE'
}

UserRightsAssignment Impersonateaclientafterauthentication {
    Policy   = 'Impersonate_a_client_after_authentication'
    Identity = 'Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE'
}

UserRightsAssignment Profilesystemperformance {
    Policy   = 'Profile_system_performance'
    Identity = 'Administrators,NT SERVICE\WdiServiceHost'
}

UserRightsAssignment Replaceaprocessleveltoken {
    Policy   = 'Replace_a_process_level_token'
    Identity = 'LOCALSERVICE, NETWORK SERVICE'
}

And I am getting the below error :

{
"Exception": {
"Message": "PowerShell DSC resource MSFT_UserRightsAssignment failed to execute Test-TargetResource functionality with error message: Could not convert Identity: Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE to SID ",
"Data": {

                       },
              "InnerException":  {
                                     "ErrorRecord":  "Could not convert Identity: Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE to SID",
                                     "WasThrownFromThrowStatement":  true,
                                     "Message":  "Could not convert Identity: Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE to SID",
                                     "Data":  "System.Collections.ListDictionaryInternal",
                                     "InnerException":  "System.Management.Automation.RuntimeException: Could not convert Identity: Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE to SID",
                                     "TargetSite":  "System.Collections.ObjectModel.Collection`1[System.Management.Automation.PSObject] Invoke(System.Collections.IEnumerable)",
                                     "StackTrace":  "   at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input)\r\n   at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke)\r\n   at System.Management.Automation.PowerShell.Worker.CreateRunspaceIfNeededAndDoWork(Runspace rsToUse, Boolean isSync)\r\n   at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n   at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection`1 input, PSDataCollection`1 output, PSInvocationSettings settings)\r\n   at System.Management.Automation.PowerShell.Invoke(IEnumerable input, PSInvocationSettings settings)\r\n   at Microsoft.PowerShell.DesiredStateConfiguration.Internal.ResourceProviderAdapter.ExecuteCommand(PowerShell powerShell, ResourceModuleInfo resInfo, String operationCmd, List`1 acceptedProperties, CimInstance nonResourcePropeties, CimInstance resourceConfiguration, LCMDebugMode debugMode, PSInvocationSettings pSInvocationSettings, UInt32\u0026 resultStatusHandle, Collection`1\u0026 result, ErrorRecord\u0026 errorRecord, PSModuleInfo localRunSpaceModuleInfo)",
                                     "HelpLink":  null,
                                     "Source":  "System.Management.Automation",
                                     "HResult":  -2146233087
                                 },
              "TargetSite":  null,
              "StackTrace":  null,
              "HelpLink":  null,
              "Source":  null,
              "HResult":  -2146233079
          },

"TargetObject": null,
"CategoryInfo": {
"Category": 7,
"Activity": "",
"Reason": "InvalidOperationException",
"TargetName": "",
"TargetType": ""
},
"FullyQualifiedErrorId": "ProviderOperationExecutionFailure",
"ErrorDetails": null,
"InvocationInfo": null,
"ScriptStackTrace": null,
"PipelineIterationInfo": [

                      ]

}

Can anyone help me with this?
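
The error text above shows the whole comma-joined string being converted to a single SID. The following pre-flight check is an added example, not code from the repository or from the post; the function name Test-IdentityResolvesToSid is hypothetical, and the corrected form in the closing comment assumes the resource's Identity property accepts an array of account names.

```powershell
# Added example. The identity string is copied from the error message in the post above.
function Test-IdentityResolvesToSid {
    param([Parameter(Mandatory)][string[]] $Identity)

    foreach ($name in $Identity) {
        $account = New-Object System.Security.Principal.NTAccount($name)
        try {
            # Same kind of name-to-SID lookup the error message refers to
            $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
            [pscustomobject]@{ Identity = $name; Resolved = $true; Detail = $sid.Value }
        }
        catch {
            # Translate() throws when the name maps to no local or well-known account
            [pscustomobject]@{ Identity = $name; Resolved = $false; Detail = $_.Exception.Message }
        }
    }
}

$joined = 'Administrators,LOCAL SERVICE,NETWORK SERVICE,SERVICE'

# Case 1: the value as written in the configuration, one string,
# so it is looked up as a single account name.
Test-IdentityResolvesToSid -Identity $joined

# Case 2: the same accounts as separate, trimmed array elements,
# each looked up on its own.
$separate = $joined.Split(',') | ForEach-Object { $_.Trim() }
Test-IdentityResolvesToSid -Identity $separate

# In the configuration, case 2 corresponds to (assumption: Identity takes a string array):
#   Identity = 'Administrators', 'LOCAL SERVICE', 'NETWORK SERVICE', 'SERVICE'
```

Running the same function over every Identity value before compiling also surfaces misspelled account names, since each element is reported with its own Resolved flag.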

Loading modules

Hi John,

Nice work. Your script would work OK if the modules were already loaded from PSGallery.
If Windows is a new installation/default PowerShell setup, then loading of those modules would be required before Import-DscResource.
When I try to add Find-Module | Install-Module, it seems it cannot run in the same script where Import-DscResource is present. When I manually (outside of the script) execute Find-Module | Install-Module, all is OK.
When I add those commands to the script to execute automatically, it won't execute and reports an error that the modules are not present.
Is there any way I can embed them into the main script?
Thanks
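
Import-DscResource is resolved when the script is parsed, before any Install-Module line in the same file has run. One way to handle that is a separate bootstrap script, shown here as an added example that is not part of the repository; the file names bootstrap.ps1 and CIS_Configuration.ps1 are hypothetical, and the module list contains only the module named on this page.

```powershell
# bootstrap.ps1 (hypothetical name) - added example, not part of the repository.
# This file contains no Import-DscResource, so it parses on a machine
# that has no DSC resource modules installed yet.

$requiredModules = @('SecurityPolicyDsc')   # module named on this page; extend as needed
$configScript    = Join-Path $PSScriptRoot 'CIS_Configuration.ps1'   # hypothetical path

foreach ($name in $requiredModules) {
    if (-not (Get-Module -ListAvailable -Name $name)) {
        Write-Verbose "Installing $name from PSGallery"
        Install-Module -Name $name -Repository PSGallery -Scope AllUsers -Force -ErrorAction Stop
    }
}

# Confirm every module is present before the configuration is parsed
$missing = @($requiredModules | Where-Object { -not (Get-Module -ListAvailable -Name $_) })
if ($missing.Count -gt 0) {
    throw "Required DSC resource modules are still missing: $($missing -join ', ')"
}

# The configuration script is parsed only at this point, after the modules exist on disk
. $configScript
```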

Microsoft_network_server_Server_SPN_target_name_validation_level value incorrect

When compiling this in Azure Automation DSC, using SecurityPolicyDSC version 2.10, I ran across an error upon compiling. Your template has a value of 'Accept if provided by the client' and it should be 'Accept if provided by client' .... without the 'the'
Your comment on that line indicates that this is what the value should be anyway.
