Skip to content

HealthChecker IIS Modules Check#1132

Merged
lusassl-msft merged 1 commit into
mainfrom
lusassl-iismodulework
Aug 5, 2022
Merged

HealthChecker IIS Modules Check#1132
lusassl-msft merged 1 commit into
mainfrom
lusassl-iismodulework

Conversation

@lusassl-msft
Copy link
Copy Markdown
Contributor

@lusassl-msft lusassl-msft commented Jul 13, 2022
edited
Loading

Description:
Implemented a new test which validates the modules, loaded by IIS. We read the required module information from the applicationHost.config file and validating if they're signed and whether the signer is O=Microsoft Corporation or not. We do this with the help of the Get-AuthenticodeSignature cmdlet.

We call out if:

  • Signature is valid, but signer is not Microsoft (yellow warning)
  • Signature has a HashMismatch or is NotTrusted (yellow warning)
  • Signature is UnknownError, NotSigned, NotSupportedFileFormat or Incompatible (red error)

image

image

Resolve: #1123

Validation:
Lab & Unit testing

@lusassl-msft lusassl-msft added Enhancement New feature or request Health Checker labels Jul 13, 2022
dpaulson45
dpaulson45 requested changes Jul 21, 2022
View reviewed changes
Comment thread Shared/IISFunctions/Get-ApplicationHostConfig.ps1 Outdated
Comment thread Shared/Tests/Get-IISModules.Tests.ps1 Outdated
Comment thread Shared/Tests/Get-IISModules.Tests.ps1
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Diagnostics/HealthChecker/Helpers/Class.ps1 Outdated
@lusassl-msft lusassl-msft requested a review from dpaulson45 August 4, 2022 19:18
dpaulson45
dpaulson45 requested changes Aug 4, 2022
View reviewed changes
Comment thread Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityIISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-ApplicationHostConfig.ps1
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Shared/IISFunctions/Get-IISModules.ps1 Outdated
Comment thread Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityIISModules.ps1 Outdated
@dpaulson45 dpaulson45 added the New Feature/Check A new feature or check that is being added to a script label Aug 4, 2022
@lusassl-msft lusassl-msft requested a review from dpaulson45 August 5, 2022 11:16
dpaulson45
dpaulson45 requested changes Aug 5, 2022
View reviewed changes
Comment thread Shared/IISFunctions/Get-ApplicationHostConfig.ps1
@dpaulson45
Copy link
Copy Markdown
Member

dpaulson45 commented Aug 5, 2022

@lusassl-msft after making that one change rebase against main and squash all the commits down to 1.

We could have different commits for the Pester Tests, but they were also with the main commits as well, that is why it might be best to have just one here.

@lusassl-msft lusassl-msft force-pushed the lusassl-iismodulework branch from d5d90bd to fb43133 Compare August 5, 2022 15:19
@lusassl-msft lusassl-msft requested a review from dpaulson45 August 5, 2022 15:19
@lusassl-msft lusassl-msft merged commit 4d421d6 into main Aug 5, 2022
@lusassl-msft lusassl-msft deleted the lusassl-iismodulework branch August 5, 2022 15:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dpaulson45 dpaulson45 dpaulson45 approved these changes

@bill-long bill-long Awaiting requested review from bill-long

Assignees

No one assigned

Labels

Enhancement New feature or request Health Checker New Feature/Check A new feature or check that is being added to a script

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Health Checker - IIS Module Check

2 participants

@lusassl-msft @dpaulson45