microsoft / powerstigdsc Goto Github PK
View Code? Open in Web Editor NEWThis project is ARCHIVED and moved to https://github.com/Microsoft/PowerStig
License: Other
powerstigdsc's People
Contributors
Stargazers
Watchers
powerstigdsc's Issues
Binary Registry bug within PSDesiredStateConfiguration "Registry" Resource
Describe the bug
Attempting to set a binary registry key to 0 will result in the key being set to "zero-length binary value" due to a bug with the registry resource parsing the value of 0 into a binary format.
To Reproduce
Steps to reproduce the behavior:
- Create a test configuration containing the following:
Configuration TestConfig {
Import-DSCResource -ModuleName 'PSDesiredStateConfiguration'
Nodename $Nodename
{
Registry 'Registry(INF): HKLM:\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing'
{
ValueName = 'FullPrivilegeAuditing'
ValueType = 'Binary'
Key = 'HKLM:\System\CurrentControlSet\Control\Lsa'
ValueData = 0
Ensure = "Present"
Force = $True
}
}
}
- Generate a MOF and push the configuration.
- Check the HKLM:\System\CurrentControlSet\Control\Lsa registry key, it will be set to "Zero-Length Binary Value."
- Set the valuedata to 1, and it will parse correctly, resulting in the key being set to "01"
- Regardless of how you attempt to set the "00" value, it will result in the "Zero-Length Binary Value
Expected behavior
HKLM:\System\CurrentControlSet\Control\Lsa registry key should be set to "00"
Screenshots
Additional context
Work-around is importing the xPSDesiredStateConfiguration module and using the xRegistry resource, which will parse the value of "0" into a binary key of "00"
Example:
Configuration TestConfig {
Import-DSCResource -ModuleName 'xPSDesiredStateConfiguration'
Nodename $Nodename
{
xRegistry 'Registry(INF): HKLM:\System\CurrentControlSet\Control\Lsa\FullPrivilegeAuditing'
{
ValueName = 'FullPrivilegeAuditing'
ValueType = 'Binary'
Key = 'HKLM:\System\CurrentControlSet\Control\Lsa'
ValueData = 0
Ensure = "Present"
Force = $True
}
}
}
Link to the original bug: PowerShell/DscResources#203
SqlServer README and Examples update
Is your feature request related to a problem? Please describe.
Sql Server Composite Stig README is not in compliance with the project format and there are no SQL Server Examples
Describe the solution you'd like
Remove SqlServer README and update Project README. Add SqlServer examples to Project
Describe alternatives you've considered
Additional context
PowerStig Technology Class is moving to an Enumeration
The composite resources currently instantiate the technology class in PowerSTIG as part of the StigData constructor to query for the Stig settings. Upcoming changes to PowerStig will replace the technology Class with an Enumeration, which will break the composite resources call into the PowerStig classes.
The following update will detect what is available in PowerStig and use it until the PowerStigDsc manifest is updated to require a minimum version of PowerSTIG that contains the enumeration.
if((New-Object Technology).GetType().BaseType.Name -eq 'Enum')
{
$technology = [Technology]::Windows
}
else
{
$technology = [Technology]::New( "Windows" )
}ActiveDirectoryAuditRuleEntry is missing.
In common/windows.AccessControl.ps1 there is a switch to select the AccessEntry type, but ActiveDirectoryAuditRuleEntry is missing from the switch.
These rules are not being added to the output mof.
The WindowsServer.integration.tests.ps1 has been updated to filter out ActiveDirectoryAuditRuleEntry rules. Once this issue is updated, the Permissions Context should be updated to remove the liter.
Syntax error with 'using' statement in composite resources
I should have clarified further with my PR. There is no actual error when compiling the configuration using these composite resources. I'm actually just getting a syntax error in the code as shown in the screenshot above. My OCD kicked in which prompted the PR #8 π .
PowerStigDsc - Needs to be able to automate SqlServer Stigs
PowerSTIG currently can't automate the SqlServer2012 STIG. Needs to be updated to accommodate.
Migrating PowerStigDsc into PowerStig
I wanted to open an issue to communicate that we are planning to collapse PowerStigDsc into PowerStig. There are a few maintenance issues pushing this.
Right now we donβt have the using statements calling a fully qualified module (no version number).
We did that so that we could update PowerStig and not have to update PowerStigDsc., but this causes 2 issues.
- You can only have one version of PowerStig on your system.
- We have a validate set version on the STIG numbers that need to be updated with PowerStig, so they are tied together anyway.
We have a third project that helps mange the dependencies, but we can collapse most of that back into PowerStig as well. These were all originally broken into different modules to keep the module size down and the scope narrow, but after writing some documentation and talking with different people that are evaluating the project, having multiple modules adds to user complexity, so we want to eliminate as much complexity for everyone by consolidating the projects into a single module to do all things PowerStig related.
I will archive this repo and move all of the PowerStigDsc code and supporting code over to PowerStig this weekend.
The PowerStig Technology class no longer exists
Describe the bug
The following code should be removed now that PowerStig has released with the Technology enumeration.
# BEGIN: This is a temporary fix until PowerStig has migrated the technolgy class to an enumeration
if ((New-Object Technology).GetType().BaseType.Name -eq 'Enum')
{
# BEGIN: leave this after the temp fix is removed
$technology = [Technology]::Windows
# END: leave this after the temp fix is removed
}
else
{
$technology = [Technology]::New( "Windows" )
}
# END: This is a temporary fix until PowerStig has migrated the technolgy class to an enumerationTo Reproduce
none
Expected behavior
The technology enumeration should only be used in all composite resources.
$technology = [Technology]::WindowsServerScreenshots
none
Additional context
none
RequiredModules are no longer automatically downloaded from the gallery.
Describe the bug
PowerStigDsc is now listed as a manifest module (vs a script module) so when you install the module from the gallery, the required modules are no longer automatically installed.
To Reproduce
- Uninstall-Module -Name PowerStigDsc
- Uninstall-Module -Name AccessControlDsc
- Install-Module PowerStigDsc
- Look in the $PsModulePath an see that AccessControlDsc was not installed.
Expected behavior
Install-Module PowerStigDsc should install all required modules.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.